INFORMATION SECURITY POLICY FOR SUPPLIERS
We inform our suppliers of the existence of Information Security Guidelines established in our organization to show PRODEVELOP’s commitment to protecting and guaranteeing the principles of confidentiality, integrity, authenticity and availability of the information handled in the Organization.
We work under an Information Security Management System, the scope of which not only affects the use of assets, but extends to all persons and third parties in the knowledge and compliance with these Guidelines structured according to ISO/IEC 27001:2013. Both the Information Security Policy and Guidelines are in line with Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data and Organic Law 3/2018 of 5 December on the Protection of Personal Data and the guarantee of digital rights.
This security regulation affects the following fields of the Organization:
- Access to facilities. In which access rules are regulated, with special mention of access to secure areas and regulation of access to people outside the organization.
- Access to the corporate network. Corporate resources are protected with the technical security means necessary to ensure the protection of information, either from the facilities themselves or externally. The access and use of information are regulated by rules focused on the protection with special attention to sensitive or confidential information.
- Use of assets. People at PRODEVELOP are committed to make a rational use and ensure the care of the equipment provided by the Organization for the performance of their functions and tasks. In this sense, performance standards are described and configurations are applied to protect the information contained in these devices.
- Internet use. Special attention is paid to regulating the use of internet, e-mail and cloud storage for professional use with the aim of minimising the risks that may occur with unregulated use of these tools.
- Incident management. The involvement of the people at PRODEVELOP in security matters helps to detect possible problems that could endanger the confidentiality, integrity and availability of the services or assets they support.
- Business continuity. All the means implemented for the availability and continuity of the business are in line with the requirements of the ISO certified schemes in the organization.
- Intellectual property is ensured with the commitment of the people at PRODEVELOP according to the rules of confidentiality of the organization.
Violation of Security Policies and guidelines is subject to sanction in accordance with the mechanisms set forth in current legislation.
Both the policy (ISMS02-SecurityPolicy) and the guidelines (ISMS04-GuidelinesManagementSecurity) are periodically reviewed to align them with the needs of the organization.
The Management Committee is aware of the importance of these Policies and actively participates in their revision.