SISTEM carries out its main activity as a systems integration company in the Transport (Railways, Traffic and Airports) and Telecommunications sectors in Spain and in the international market. Knowing that information security is essential for the competitiveness of the company, it has established a formal and responsible commitment to the development, implementation and improvement of the Information Security Management System, based on the standard UNE-ISO/IEC 27001:2014.
This policy is established as a framework in which all the activities of the company must be developed in such a way that the commitment acquired is guaranteed to the clients and other interested parties, to ensure the availability, confidentiality and integrity of the information.
The information security management system of SISTEM is based on the following principles, which support the security objectives:
- Protection of personal data and the privacy of people. The need for the strictest confidentiality regarding personal data held by SISTEM.
- Protection of the records of the Organization, in both the manual and the computerized handling of records.
- Make use of the “Information Security Management System” as a tool to implement a formal system in order to protect the confidentiality, integrity and availability of information.
- Compliance with the legislative and contractual requirements applicable to the activity of the company in terms of security, as well as the provision of the necessary resources for its achievement.
- Control or restrict access to confidential information only to authorized personnel. Access to confidential information is limited to staff who have a specific need to view or use such information. The organization will endeavor to improve its confidentiality processes. The information will not be available to third parties without the written consent of the owner of the information and an agreement that formalizes it.
- The objectives related to the performance of information security will be established annually and will be reviewed in a planned manner. They must be aligned with this policy.
- The risks resulting from the organization, from physical security, from the environment, from changes to emerging technologies and the hiring of third parties should be properly evaluated and controlled.
- The continuous improvement of security management by preventing and analyzing the causes of problems that have arisen.
- The objective of ensuring the continuity of the business, the protection of personal data and the records of the organization.
- The Directorate is obliged to train personnel on security controls and measures, and the disciplinary process defined in Chapter IV of the Workers’ Statute (Offences and sanctions of workers) may be applicable in case of intentional violations of security.
- Communication of detected security incidents based on established policies.
To achieve compliance with the above principles, it is necessary to implement a set of security measures that guarantee the effectiveness of the efforts made. All the measures adopted have been established after an adequate risk analysis of the information assets of SISTEM.
The present policy is known and subscribed to by all the personnel of SISTEM in accordance with the requirements of the Management, and all members of the organization must comply with and ensure compliance with the provisions of the ISMS of SISTEM. To ensure compliance with the provisions of the ISMS, the Department delegates the responsibility for supervision, verification and monitoring of the system to the Security Coordinator, who has the necessary authority and independence and will have the appropriate resources to ensure the correct operation of the ISMS.
Lastly, Management is committed to providing the necessary means and adopting the appropriate improvements throughout the Organization, to encourage the prevention of risks and damage to assets, thereby improving the efficiency and effectiveness of the ISMS.
Signed: Juan Francisco Ruiz
General Director of SISTEM
Madrid, January 27, 2017