The Management of nettaro, in its desire to guarantee the security of the services it provides to its clients, decided to carry out its activities in accordance with the UNE-EN ISO/IEC 270001 standard, with the following scope:
“The information systems supporting the provision of IT Services: Application Monitoring and Monitoring (APM), Software Asset Management (SAM), Cybersecurity, Architecture and CLOUD Managed Services, according to the current statement of applicability at the date of issuance of the certificate”.
Given the importance of information systems, as well as the information available for business activity, nettaro establishes the following guidelines through its Management for all employees or those who have or may have access to company information or information directly or indirectly related to the same, through the provision of their services.
Information must be given an adequate level of protection based on classification guidelines (according to its value, legal requirements, sensitivity and criticality).
Information Security takes into account compliance with current legislation and contractual requirements.
Security measures must be implemented with a risk management oriented approach, aiming at and complying with security requirements in all three dimensions (confidentiality, integrity, availability)
Information Security is the responsibility of all nettaro personnel, who must be trained and made aware of the need to satisfactorily fulfil their responsibilities
All company personnel must maintain the confidentiality of information to which they may have access, as well as the obligation to comply with the security standards implemented and the controls establishes
Management establishes the necessary for the effective maintenance of the Information Security Management System
nettaro’s Information Security is periodically evaluated and reviewed to contribute to the minimisation of risks and continuous improvement of the security process, and audits are carried out to guarantee the effectiveness of the Information Security Management System
This Policy must be understood, assumed and observed by all nettaro personnel and its collaborators. It shall also be available to any person interested in it.
In Madrid, 08 Th february 2024
Managing Director de nettaro.