It is the policy of Gros Monserrat Asociados S.L. to have an information security management system that is appropriate to the current technological environment. We understand that information is a fundamental asset for the provision of our services and efficient decision-making, which is why we are expressly committed to protecting information in general as part of a strategy aimed at business continuity, risk management and the consolidation of a culture of security.
To this end, Gros Monserrat Asociados S.L. undertakes the following commitments:
To define, implement and keep up to date an Information Security Management System based on the ISO 27001 standard, the basic elements of which are developed in the application procedures. All this in order to continuously improve the effectiveness and efficiency of the organisation’s performance, through the consideration of the interested parties and the fulfilment of the Information
Provide the Company with the necessary human and technical resources to secure information.
Create an Information Security Committee, which will be responsible for the maintenance, review and improvement of the company’s Information Security Management System.
Ensure the continuous review of the Information Security Management System, through internal quality audits, which allow for a critical review and facilitate its improvement, and the periodic review by the Management.
Create a business contingency plan to ensure continuity of operations in the event of unforeseen events that may affect information security.
Ensure that appropriate measures are taken to ensure information security.
Inform and train personnel on the need to:
The duty of confidentiality and secrecy that they must have with respect to the information to which they have access in accordance with their functions within the organisation
Access information through passwords that are confidential and non-transferable- Report any incident in the information security system.
Use the resources provided by the company exclusively for purposes related to the activity they carry out in the organisation.
To comply at all times with the current legislation applicable to our activity. By fulfilling these commitments, Gros Monserrat Asociados S.L. guarantees the achievement of the following general objectives:
To avoid, transfer, assume or reduce risks due to the establishment and monitoring of controls over them, to a level that can be assumed by our organisation. In this way, if an incident occurs, damage is minimised and business continuity is assured.
Achieve cost savings derived from a rationalisation of resources. Unnecessary and inefficient investments such as those caused by underestimating or overestimating risks are eliminated.
Safety is considered a system and becomes a management activity.
Ensure compliance with current legislation and avoid unnecessary risks and costs.
To have control of:
external access to systems that host applications available to customers (publicly available) to avoid unauthorised or cross access to data.
incidents that may be generated in the system.
availability of publicly available services and systems
The Information Security Management System will contribute to improving the competitiveness of the organisation, differentiating it from other companies in the sector, improving the image and trust of our company among clients, potential clients and suppliers, thereby increasing the prestige of the company at a national and international level.
In order to achieve these objectives, the Management establishes the necessary measures to ensure that its Information Security System:
Is disseminated to all areas of the company.
Is reviewed and updated.
The General Management declares that the requirements contained in the documentation that constitutes the Information Security Management System must be complied with.
In Manresa, 21st March 2014.
The General Management.