Information Security Policy

Below is the Information Security Policy which demonstrates the commitment of General Management to the development and implementation of the management system, as well as to its continuous improvement and effectiveness:

The Information Security Management System Policy of INSTEL is an ethical and responsible statement, established by the General Management and applicable throughout the organization. It ensures the proper management of the information security of the data processed and/or hosted by the systems and services included within the scope, with the commitment to comply with the requirements related to Information Security.

To implement this policy, INSTEL’s management commits to:

Conducting periodic risk analyses that provide a clear view of the information security risks to which the assets are exposed, and developing the necessary measures to limit and reduce such risks by defining appropriate security measures.

Developing comprehensive security regulations that define the conditions under which the company, within the established scope, must carry out its activities to meet the defined security requirements.

Allocating the necessary resources and means to implement all the determined security measures, maintaining a proper balance between cost and benefit.

Establishing a training and awareness plan on information security to help all involved personnel understand and comply with the established security measures and participate proactively in the management of information security.

Implementing all necessary measures to ensure proper handling of security incidents that may arise, allowing the resolution of both minor incidents and situations that could jeopardize the continuity of critical activities.

Periodically establishing a set of objectives and indicators related to information security to enable proper monitoring of the evolution of security within the company.

Implementing a methodology for review, auditing, and continuous improvement of the system, following a PDCA (Plan-Do-Check-Act) cycle to ensure the ongoing maintenance of the desired security levels.

INSTEL establishes the necessary procedures and courses of action to ensure the correct implementation of this policy, which are reflected in a documented security system known to all INSTEL personnel and which complies with the requirements set forth in the standard.