The purpose of this policy is ensuring the continuity of Opensoft’s business through regularly analyze potential risks and develop activities aimed to reduce them and their potential impacts.
This policy applies to all information under the responsibility of Opensoft, either itself or third parties.
This policy is designed to protect Opensoft’s information assets from internal, external, deliberate or accidental threats.
This policy ensures that:
• There will be no unauthorized access to any information;
• Confidentiality of information will be always assured;
• The integrity of information will be maintained;
• Availability of information for business processes will be maintained;
• The legal requirements will be met;
• Training on information security will be provided to all employees;
• Any breach of security of information will be reported to the Information Security Officer and properly treated.
The implementation of this policy will be ensured through the procedures in force in the company.
Availability requirements for information systems will be met.
The application of this policy is mandatory.
This policy and its procedures are included in the process of continuous improvement of the company and will be reviewed annually by the Board.
The management system to support this policy will be certified by ISO 27001:2013.