At Cresteo, information security is a critical priority. This Security Information Policy outlines our approach to safeguarding, managing, and protecting information assets across the organization.
Our Information Security Policy
At Cresteo, information security is of vital importance. Therefore, we:
- We classify and protect information in accordance with current regulations and based on the criteria related to the importance it has for Cresteo.
- We identify and protect information assets in terms of confidentiality, integrity, and availability, avoiding their destruction, disclosure, modification, or unauthorized use.
- We assess and address information security risks by applying the corresponding corrective actions, ensuring the sustainability of operations.
- We establish annual objectives and an action plan to achieve them, which we review and update, always aiming for continuous improvement.
- We provide awareness and training to every member of the organization, seeking permanent commitment to the process.
- We identify and comply with the regulatory and contractual obligations of our stakeholders regarding information security.
- We allocate the necessary resources to consolidate our culture of responsibility and the sustainability of our Information Security Management System.
Scope
This policy applies to the entire organization.
Responsibilities
All members of the organization are responsible for complying with this policy.
References
N/A