ISMS Security Policy

Information updated as of 02/11/2021

OBJECTIVE

The global objective of the Information Security of UNIWAY TECHNOLOGIES, S.L. is to guarantee the criteria of Confidentiality, Integrity and Availability of the information, as well as the continuity of the services offered to our clients in the event of service disruptive events, articulating for this a set of internal processes to respond in an orderly manner to an event, minimizing the impact on business, information and customers.

The Information Security Management System (ISMS) Policy establishes a framework of common action that impacts the culture of the company and the fulfillment of common objectives, by which all resources must be involved in the correct operation of security controls and continuity plans established in UNIWAY TECHNOLOGIES, S.L.

 

SCOPE

 

The information systems that support the Cloud Computing Platform located at the UNIWAY Datacenter that offers services to UNIWAY customers and distributors.

 

RESPONSIBILITIES

 

The main figure responsible for the Policy is the Information Security Management System Committee and the System Manager, as they are in charge of reviewing and approving the different information security strategies and processes, ensuring their quality and effectiveness.

The functions and obligations to coordinate and execute the Information Security principles are developed in the ISMS documents.

 

INFORMATION SECURITY MANAGEMENT SYSTEM POLICY

  • Guarantee that the services agreed with the different clients are provided in the event of a disaster at UNIWAY TECHNOLOGIES, S.L. and the business processes that support it.
  • Protect the security of the resources at UNIWAY TECHNOLOGIES, S.L., either in daily management or in case of a company emergency.
  • Periodically establish improvement objectives in line with this policy.
  • The Management of UNIWAY TECHNOLOGIES, S.L. will be responsible for the management of the key risks for the security of the information and the operational continuity of the processes considered critical for the organization.
  • Prepare a Continuity Plan that allows to recover from a disaster, in the shortest possible time.
  • Train and educate all employees on information security.
  • UNIWAY TECHNOLOGIES, S.L. will ensure that all internal resources are fully informed about their responsibilities within the framework of Information Security.
  • UNIWAY TECHNOLOGIES, S.L. must minimize information security risks, ensuring effective response plans to incidents.
  • UNIWAY TECHNOLOGIES, S.L. will guarantee the preparation of appropriate communication plans, both internal and external, which will be reviewed and updated periodically.
  • Make clear the commitment of the Management in regard to Information Security in line with the business strategy, by supporting the ISMS Committee, providing it with the necessary means and powers to carry out its functions.
  • Define, develop, and implement the technical and organizational controls necessary to guarantee the Confidentiality, Integrity and Availability of the information managed in the organization.
  • Guarantee compliance with the current legislation on the protection of personal data, intellectual property, and the information society, as well as all applicable legal, regulatory, and contractual requirements..
  • Create a “safety culture” both internally, regarding all personnel, and externally, regarding customers and suppliers.
  • Consider the Information Security Management System as a process of continuous improvement, carrying out periodic reviews with the aim of achieving increasingly advanced levels of information security.