Security Policy

Security policy of IDEATI S.A.

Information Security Policy

Management recognizes the importance of identifying and protecting the organization’s information assets. To that end, it will prevent unauthorized destruction, disclosure, modification, and use of all information, committing to develop, implement, maintain, and continuously improve an Information Security Management System. Management declares compliance with current regulations and legislation related to information security. Information Security is characterized by preserving:

  1. confidentiality, ensuring that only authorized parties can access information;
  2. integrity, ensuring that information and processing methods are accurate and complete;
  3. availability, ensuring that authorized users have access to information when required.

Information security is achieved by implementing an appropriate set of controls, such as policies, procedures, organizational structures, software, and infrastructure. These controls shall be established to ensure the organization’s security objectives.

The organization will appoint an Information Security Committee responsible for guidance, implementation, and maintenance of the Information Security Management System.

This Information Security Policy must be known and complied with by all organization personnel, regardless of role and contractual status.

It is the organization’s policy to:

  • Establish annual objectives related to Information Security.
  • Develop a security risk assessment and treatment process and, based on results, implement corresponding corrective and preventive actions, as well as prepare and update the action plan.
  • Classify and protect information according to applicable regulations and valuation criteria related to its importance to the organization.
  • Comply with service, legal or regulatory requirements and contractual security obligations.
  • Provide awareness and training on information security to all personnel.
  • Establish that all personnel are responsible for recording and reporting confirmed or suspected security violations according to the corresponding procedures.
  • Establish the means necessary to guarantee continuity of the organization’s operations.
  • Ensure that all IDEATI employees, as well as corresponding external participants, are familiar with this Policy.