The Information Security Management System (ISMS) covers all information, information systems, processes and people for ICEMI’s business processes.
Being the scope:
“The Information Security Management generated by the assets, processes and information systems of ICEMI, as suppliers of turnkey projects, working in all plants of the automotive process: bodywork, painting and final assembly from its headquarters in Almussafes, Valencia”.
ICEMI’s management has decided to promote and disseminate the following policy at all levels of the company:
“Each owner of the information in ICEMI, shall ensure the proper implementation and compliance with the security standards and procedures established within their area of responsibilities, maintaining adequate protection of assets, preventing unauthorized access and / or leakage of information”.
This policy is based on the following principles:
- Protect the information resources and technology used for its processing, against threats; internal or external, deliberate or accidental, to ensure compliance with the confidentiality, integrity, and availability of information.
- Incorporate security measures in information systems from their development and implementation to their maintenance, in order to reduce the risks of human error and natural events.
- Ensure continuous improvement of information security:
- Keeping ICEMI’s Security Policy updated, in order to ensure its validity and level of effectiveness.
- The Policy will be reviewed annually in order to keep it updated. Likewise, it will make any necessary modifications based on possible changes that may affect its definition, such as technological changes, impact of security incidents, etc.
- Establishing a methodology for clear and efficient information management through guidelines and policies.
- Awareness to the organization about the importance of information security avoiding situations that may result in a security incident. As well as reminding them of their responsibility for the responsible use of the information resources made available to them.
- Preventing unauthorized access to information systems, databases and information services.
- Measurable safety objectives are established, under a criterion of continuous improvement.
- Risks are constantly monitored with the collaboration of all critical areas.
- Appropriate structures and investments will be in place according to the identified risks and information protection needs.
- Secure internal and external information exchanges will be made with business stakeholders.
- We will ensure the protection of the privacy of personal data provided by our customers, employees and suppliers.
- The evolution of information security will be analyzed, and depending on the results, action plans will be implemented when applicable.
In order to implement the ISMS, ICEMI is committed to promote a culture of security in the organization, among others, through the implementation of appropriate security controls and to provide resources and internal communication so that this work is a work of the entire organization.
Non-compliance with the guidelines contained herein will be analyzed individually and will follow internal disciplinary processes.