TRIBALYTE aims to protect its customers and its business objectives by offering its stakeholders a safe working and information environment by means of appropriate control measures and operational processes.
The principles to be guaranteed are:
- Confidentiality: Information must be known only by authorised persons.
- Integrity: Information must be complete, accurate, valid and not subject to manipulation.
- Availability: The information must be accessible to authorised users at all times and its persistence must be guaranteed in the event of any eventuality.
Information security must be flexible, effective and support the company’s business model:
- Access to information must be controlled and based on the person’s role in the organisation.
- The services provided must be secure from any access point when connected to the company’s infrastructure.
- Security measures must guarantee the requirements of confidentiality, integrity and availability of information and services.
- Security measures must guarantee the privacy of personal data in compliance with current legislation and contractual terms with customers and users.
- Information security must be aligned with the business organisation, the security requirements of our customers, applicable legislation and industry best practices.
- The organisation has an integrated Information Security Management System that has been approved and is promoted by the Management.
- The organisation is based on the continuous improvement of both the production processes and the efficiency of the Management System in which preventing errors is a fundamental aspect.
This policy is reviewed and approved by management annually or whenever significant changes occur to ensure that its suitability, adequacy and effectiveness are maintained.
- Applicability of the Policy
- This information security policy is mandatory within its scope. Employees, collaborators, subcontractors and suppliers of the company must be aware of and comply with this policy in accordance with their role when dealing with company or customer information.
- This policy is based on the standards established by the international standard ISO/IEC 27001:2013. The application of the standard involves a risk analysis carried out on the organisation’s information assets, the result of which is the provision of controls that eliminate or minimise such risks.
- Scope of use of the policy
- This policy sets out the minimum requirements to ensure continuity of operations. Effective information security is a joint effort that requires the participation of all employees and collaborators of the company who work with information assets. The information security policy applies to all information assets: services provided, people, technology, suppliers and infrastructures.
- This policy is reviewed and approved by the Management on an annual basis or whenever significant changes occur, in order to ensure that its suitability, adequacy and effectiveness are maintained, for the record, this Information Security Policy is signed in Madrid, on 2 November 2021 by Tribalyte Technologies S.L.