At Cresteo, information security is a critical priority. This Security Information Policy outlines our approach to safeguarding, managing, and protecting information assets across the organization.
Our Information Security Policy
At Cresteo, information security is of vital importance. Therefore, we:
- Classify and protect information according to current regulations and evaluation criteria based on its significance to Cresteo.
- Identify and secure information assets in terms of their confidentiality, integrity, and availability, preventing unauthorized destruction, disclosure, modification, or use.
- Assess and address information security risks by implementing appropriate corrective actions to ensure operational sustainability.
- Establish annual objectives and an action plan to achieve them, which we review and update regularly to drive continuous improvement.
- Provide awareness and training to every organization member, fostering a permanent commitment to the process.
- Identify and comply with regulatory and contractual obligations concerning the information security requirements of our stakeholders.
- Allocate the necessary resources to strengthen our culture of responsibility and the sustainability of our Information Security Management System.
Scope
This policy applies to the entire organization.
Responsibilities
All members of the organization are responsible for complying with this policy.
References
N/A