The Information Security Management System (ISMS) covers all information, information systems, processes, and personnel involved in ICEMI’s business processes.
The scope is as follows:
“The Management of Information Security generated by ICEMI’s assets, processes, and information systems, as turnkey project providers, working in all stages of the automotive process: bodywork, painting, and final assembly, from its headquarters in Almussafes, Valencia.”
ICEMI establishes as its information security objectives the protection of the confidentiality, integrity, and availability of its critical assets, ensuring the continuity of turnkey projects in the automotive sector. To this end, it is committed to preventing security incidents, promoting staff awareness and training, ensuring compliance with applicable legal, regulatory, and contractual requirements, and continuously reviewing the ISMS, applying improvement actions when necessary.
The Management of ICEMI, led by its CEO José Luis Martínez Cirre, has decided to promote and disseminate the following policy at all levels of the company:
“Each information owner at ICEMI shall ensure the proper implementation and compliance with the established security rules and procedures within their area of responsibility, maintaining adequate protection of assets and preventing unauthorized access and/or leakage of information.”
This policy is based on the following principles:
- Protect information resources and the technology used for their processing against threats—internal or external, deliberate or accidental—to ensure the confidentiality, integrity, and availability of information.
- Incorporate security measures into information systems from their development and implementation through their maintenance, in order to reduce the risks of human error and natural events.
- Ensure that information security at ICEMI is aligned with corporate strategy and directly contributes to achieving business objectives, guaranteeing the trust of clients, partners, and employees.
- Ensure the continuous improvement of information security:
  - Keeping ICEMI’s Security Policy up to date to ensure its validity and effectiveness.
  - The IT Department shall review the Policy annually to keep it up to date. It will also make any necessary modifications arising from changes that could affect its definition, such as technological changes, the impact of security incidents, etc.
  - Establishing a clear and efficient methodology for information management through targeted guidelines and policies.
  - Raising organizational awareness about the importance of information security to avoid situations that could result in a security incident, as well as reminding staff of their responsibility regarding the responsible use of information resources made available to them.
  - Preventing unauthorized access to information systems, databases, and information services.
  - Setting measurable security objectives under a continuous improvement approach.
  - Constantly monitoring risks with the collaboration of all critical areas.
  - Providing appropriate structures and investments in accordance with identified risks and information protection needs.
  - Ensuring secure information exchanges, both internal and external, with business stakeholders.
  - Safeguarding the privacy of personal data provided by our clients, employees, and suppliers.
  - Analyzing the evolution of information security and, based on results, applying action plans when necessary.
To implement the ISMS, ICEMI commits to defining responsibilities in the area of information security and fostering a culture of security throughout the organization. This will be achieved through the application of appropriate security controls and the allocation of resources and internal communication to ensure this work involves the entire organization. Likewise, ICEMI commits to complying with established legal, regulatory, and contractual requirements.
The current policy develops the following regulations in information security matters:
- Information classification and asset management policy
- Information security incident management policy
- Project management policy
- Risk management policy
- Information security policy in HR management
- Supplier evaluation policy
- Physical security policy
- Identity management policy
- Information security policy in business continuity management
- TFG (Final Degree Project Procedure)
Non-compliance with the guidelines set out herein will be analyzed individually and will follow internal disciplinary processes.
