Revision Control

Version  Date        Reason         Who
01       15-01-2023  First version  Security Resp

Index

  1. Introduction
  2. Scope
  3. Information Security Objectives
  4. Information Security Management Approach
  5. Responsibilities
  6. Awareness and Training
  7. Compliance
  8. Review

1. Introduction

Invader recognizes the importance of information security for the continued success of its operations and the fulfillment of its objectives. This policy establishes its commitment to information security and provides a basis for establishing and reviewing security controls in accordance with the ISO/IEC 27001 standard.

2. Scope

This policy applies to all of the organization's information assets, including information stored, processed, or transmitted in any format for consulting and forensic analysis services.

3. Information Security Objectives

The organization is committed to achieving the following information security objectives:

  • Protect information against unauthorized access or unauthorized disclosure.
  • Maintain accuracy and completeness of information and associated business processes.
  • Ensure that information is available and used by those who need it when they need it.
  • Verify and confirm the authenticity of information and the users accessing it.
  • Assign clear responsibilities for information security management and promote awareness and accountability among all employees.
  • Comply with laws, regulations, and contractual requirements related to information security.

4. Information Security Management Approach

Invader has adopted a systematic approach to managing information security, based on the principles of the ISO/IEC 27001 standard. This includes:

  • Identifying and assessing information security risks throughout the organization.
  • Selecting and applying appropriate security controls to mitigate identified risks.
  • Implementing the selected controls and ensuring their ongoing effectiveness.
  • Regularly monitoring the effectiveness of implemented controls and reviewing the information security management system to ensure its continued adequacy.
  • Seeking continuous improvement of the information security management system through learning from past experiences and adopting best practices.
  • Always designing and configuring systems with Security by Default in mind: the system provides only the minimum functionality required, because operation, administration, and activity logging functions are kept to a minimum.
  • Ensuring business continuity for 0INVADER and minimizing risks by preventing security incidents and reducing their potential impact.
  • Achieving, within the established contractual framework, maximum satisfaction of its clients and workers regarding the services provided.
  • Establishing and reviewing management service objectives and evaluation criteria for improvement opportunities in the System Review meetings by Management.
  • 0INVADER commits to the confidentiality of all documentation related to all aspects of the work carried out.
  • Complying with applicable laws and regulations related to its activity, as well as with the requirements and recommendations considered necessary within the environment of said Information System.
  • Securing the organization's information assets against accidental or deliberate threats, both internal and external.

The management of 0INVADER assumes responsibility for ensuring that the Information System is sufficiently documented, communicated, and understood by its staff. To this end, it commits to providing the necessary resources for information, training, and awareness.

Both the detection of threats and vulnerabilities and the estimation of inherent risk will be carried out through regular meetings in which the impact and probability of each risk occurring will be evaluated.

The management, through the development and implementation of the Information System, will ensure that:

  • the integrity of the information is maintained,
  • the confidentiality of the information is mandatory,
  • the availability of the information will meet business requirements,
  • the information is protected from unauthorized access,
  • legal requirements are met, especially regarding the protection of personal data,
  • business continuity plans will be developed, maintained, and verified,
  • personnel will be trained to be aware of their functions and responsibilities regarding information security,
  • security incidents must be reported and will subsequently be evaluated,
  • the ISMS will be reviewed, particularly this security policy, to keep it continuously updated and appropriate to ever-changing needs.

The management of 0INVADER is aware of the importance of developing proper change management. They commit to establishing a systematic approach to ensure control over the configuration items that require such control, as well as the criteria for carrying them out, with the purpose of achieving a greater impact of their services.

To comply with this Change Management Policy, 0INVADER establishes that the components and elements under the control of the change management process are:

  • In information security.
  • In service level agreements.
  • In infrastructures.
  • In changes to our deployed services.

0INVADER will promote all Information Systems and all necessary policies, procedures, and protocols, taking into account current legislation on equality and non-discrimination.

0INVADER reviews the Information System policy, either annually or in the event of a significant change or modification in its organizational structure, and ensures that the policy is appropriate.

5. Responsibilities

As a result of the principles and requirements outlined above, 0Invader has determined the responsibilities of all members of the organization as follows:

  • Responsibility for information security lies with all employees of the organization.
  • Employees must comply with information security policies and procedures and report any security incidents or vulnerabilities they encounter.
  • Management will approve system documentation and provide resources of all kinds for the implementation of the information security management system.

0INVADER will be empowered, in the event of the commission of any of the crimes or offenses defined in the current Penal Code, or on observing any behavior that, in its opinion, is contrary to this policy, the Law, or established rules, or that may disrupt its proper functioning, image, credibility, and/or prestige, to claim damages of all kinds that it may suffer as a result of the breach of any of the obligations mentioned above.

6. Awareness and Training

0Invader will provide periodic awareness and training programs to ensure that all employees understand their responsibilities regarding information security and are equipped to fulfill them.

7. Compliance

The organization commits to complying with all applicable legal and contractual requirements.

8. Review

0Invader reviews the Systems policy, either annually or in the event of a significant change or modification in its organizational structure, and ensures that the policy is appropriate.

This policy has been approved by the Management of 0Invader and takes effect from January 2023.
