Information Security Policy
The expansion of new technologies and the opening up to public networks offer DOCUTEN TECH S.L. new channels to reach clients and establish relationships with other entities, which increases business processes. However, these new technologies and relationships raise the level of risk associated with the exposure of DOCUTEN TECH S.L.’s information and communications.
Information is considered a strategic asset to DOCUTEN TECH S.L. In this context, a reference framework has been established which defines the guidelines for action through a preventive, informative, reactive and learning-centred approach to guarantee that the integrity, availability, confidentiality, authenticity and traceability of DOCUTEN TECH S.L.’s information (and its clients’ information) cannot be compromised.
The Information Security Policy of DOCUTEN TECH S.L. constitutes a reference framework aimed at facilitating the definition, management, administration and implementation of the security mechanisms necessary to achieve the corresponding level of security for the information assets of DOCUTEN TECH S.L.
The following principles and criteria for Information Security are established:
- Senior Management’s commitment to the continuous improvement of its activities, products and services, as well as the Information Security System itself, through data analysis.
- The commitment to comply with current legislation and regulations that are applicable, along with other information security requirements agreed to with our clients, maintaining a conduct of permanent adherence to them.
- DOCUTEN TECH S.L. assumes as a premise of its Information Security Policy the adaptation of both the information systems and the physical storage devices to the rules and/or regulations of municipal, regional, ministerial and regulatory bodies.
- The objective is to provide employees, clients and visitors with adequate security measures within the facilities and information systems of DOCUTEN TECH S.L. The security of the information that DOCUTEN TECH S.L. collects, processes, stores and transmits is essential to guarantee its assets and those of its shareholders.
- DOCUTEN TECH S.L. can limit access to your information, for both people and physical or logical objects, for which an access control system has been established.
- Security is an activity that concerns all employees and collaborators of DOCUTEN TECH S.L. and it is their responsibility to carry out activities with the aim of ensuring adequate protection of the assets of DOCUTEN TECH S.L., understanding, assuming and applying the security rules and procedures.
- The security of information, and of the systems and devices that collect, process, store and transmit it, is essential to guaranteeing the operational continuity of the business. The necessary security policies, standards, procedures and mechanisms have been established to guarantee the confidentiality, integrity, availability, authenticity and traceability of said information. It will therefore follow what is outlined by the Internal Regulatory Body of DOCUTEN TECH S.L.
- Information security should be considered part of normal operations and needs to be present and applied from the initial design of the information processes and systems.
- It is essential to have updated inventories of the services and the information assets that support them, as well as their managers or owners and the associated risks. This enables continuous analysis of the same and allows for the design and application of new security measures and mechanisms with adequate management of changes.
- The value of the information will be understood, so classification methods will be specified according to the level of importance for the organisation, and associated processes will be developed for its treatment, storage, transmission, declassification, access, reproduction and destruction according to its level of classification.
After having successfully passed the external audit (carried out by the certification entity EQA), DOCUTEN TECH S.L. has an Information Security Management System certified in accordance with the UNE-ISO/IEC 27001:2014 standard.
ISO 27001 is an international standard issued by the International Organization for Standardization (ISO) that outlines how to manage information security in a company. The focal point of ISO 27001 is to protect the confidentiality, integrity and availability of information in a company.
To achieve this, potential problems that could affect the information are evaluated (risk assessment) and what needs to be done to prevent these problems (risk mitigation or treatment) is defined.