BDEO, aware that the security of information relating to our customers is a critical resource, has established an Information Security Management System in accordance with the requirements of ISO/IEC 27001, 27017 and 27018 to ensure the continuity of information systems, minimize the risk of damage, ensure compliance with the objectives set and maintain the security and privacy of personal data in the cloud.
The objective of the Integrated Policy is to establish the framework for action needed to protect information resources against threats, whether internal or external, deliberate or accidental, in order to ensure the confidentiality, integrity and availability of information.
The effectiveness and application of the integrated Management System covering the three standards is the direct responsibility of the Information Security Committee, which is responsible for approving and disseminating this Security Policy and for ensuring compliance with it. In its name and on its behalf, an Information Security Manager has been appointed, who has sufficient authority to play an active role in the Information Security Management System, supervising its implementation, development and maintenance.
The Information Security Committee shall develop and approve the risk analysis methodology used in the Information Security Management System.
Any person whose activity may, directly or indirectly, be affected by the requirements of the Information Security Management System is obliged to strictly comply with the Security Policy.
BDEO will implement all the measures necessary to comply with the applicable regulations on security in general and IT security in particular, covering IT policy, the security of buildings and facilities, and the behaviour of employees and third parties associated with BDEO in their use of IT systems. The measures that secure information through the application of rules, procedures and controls must ensure the confidentiality, integrity and availability of information, which are essential to:
- Comply with current legislation on information systems.
- Ensure the confidentiality of the data managed by BDEO.
- Ensure the information security requirements applicable to the design and implementation of the cloud service.
- Reduce the risks arising from authorized insiders.
- Ensure customer isolation in multi-tenant cloud services (including virtualization).
- Ensure the protection and confidentiality of client assets.
- Implement access control procedures.
- Properly manage the information contained in the cloud throughout the lifecycle of customer accounts.
- Communicate security breaches to involved parties and establish information sharing guidelines to aid investigations and forensic analysis.
- Ensure the availability of information systems, both in the services offered to customers and in internal management.
- Ensure the capacity to respond to emergency situations, restoring the operation of critical services in the shortest possible time.
- Avoid undue alterations to information.
- Promote awareness and training in information security.
- Establish objectives and goals focused on evaluating information security performance, as well as on continuous improvement in our activities, as regulated in the Management System that develops this policy.