Information Security Policy
Relational provides a wide range of consulting services – from the development of integrated technology strategies and product installation assistance to the execution of specific technological and architectural assessments to support the dissemination of information across the business.
This policy protects the information assets of the organization and all information data of third parties, against all internal, external, voluntary or unintentional threats.
The development of the Information Security System is applied in the field of Production, Marketing and Support of Computer Software and IT products, as well as in the internal computer support of the company.
Security policy ensures:
- The confidentiality of information.
- The integrity of information.
- The availability of information.
- In this context, the company:
- Develops, maintains and tests a business continuity plan.
- Ensures the training of employees in matters of information security.
To achieve the above, the Management supports the information security policy and at the same time
- Sets measurable goals.
- Identifies the business requirements for the availability of information systems.
- Communicates to all those involved in the implementation of the information security management system the objectives and their importance and their achievement, as well as the contractual security obligations of the company.
- Appoints the Information Security Officer to maintain the policy and provide support and advice during its implementation.
- Assigns clear and predetermined roles and responsibilities to each party involved in the implementation of the information security management system.
- Notifies promptly and appropriately to all parties involved, any change in the information security management system, based on the ISO 27001: 2013 standard.
- Inspects the system and security policies on a semi-annual basis or more frequently if significant changes have been made to information that directly or indirectly affects information security.
- It is responsible for defining the criteria for risk assessment and classification.
In addition to:
- Non-compliance of staff with safety policies and procedures, incurs penalties in accordance with the company’s rules of procedure.
- Possible breaches of information security are reported to the Information Security Officer.