The Management of DISSIMILITY COMUNICACIÓN SL, aware of the importance of information security, puts into play the necessary resources to achieve that in the provision of its Event Management services, openly states its intention to offer competitive services to all its customers; for this reason, has implemented a management system information security within the organization, whose main objective is to achieve business objectives and customer satisfaction at all times ensuring the security of information through processes established and based on a process of continuous improvement, ensuring the continuity of information systems minimizing the risk of damage and ensuring compliance with the objectives set to ensure at all times the confidentiality, integrity and availability of information.
To this end, it assumes its commitment to information security according to the ISO/IEC 27001:2017 reference standard, whereby the General Management establishes the following principles:
- Management competence and leadership as a commitment to develop the Information Security Management System.
- Determine the internal and external stakeholders that are relevant to the information security management system and comply with their requirements.
- Understand the context of the organization and determine the organization’s information security opportunities and risks as a basis for planning actions to address, assume or deal with them.
- To ensure the satisfaction of our customers, including the parties interested in the company’s results, in all matters relating to the performance of our activities and their impact on society.
- Establish objectives and goals focused on the evaluation of performance in Information Security, as well as continuous improvement in our activities, regulated in the Management System that develops this policy.
- Compliance with the requirements of the legislation applicable and regulatory to our activity, the commitments acquired with customers and interested parties and all those internal rules or guidelines to which the company is subject.
- To ensure the confidentiality of the data managed by the company and the availability of the information systems, both in the services offered to customers and in internal management, avoiding undue alterations to the information.
- Ensure the capacity to respond to emergency situations, restoring the operation of critical services in the shortest possible time.
- Establish the appropriate measures for the treatment of risks derived from the identification and evaluation of assets.
- Motivate and train all personnel working in the organization, both for the correct performance of their job and to act in accordance with the requirements imposed by the Standard of reference, providing a suitable environment for the operation of the processes.
- Maintaining fluid communication both internally, between the different levels of the company, as well as with clients.
- To evaluate and guarantee the technical competence of our personnel for the performance of their functions, as well as to ensure their adequate motivation for their participation in the continuous improvement of our processes.
- To guarantee the correct state of the facilities and adequate equipment, in such a way that they are in correspondence with the activity, objectives and goals of the company.
- Guarantee a continuous analysis of all relevant processes, establishing the pertinent improvements in each case, based on the results obtained and the established objectives.
These principles are assumed by the General Management, which has the necessary means and provides its employees with sufficient resources to comply with them, and makes them public through this Information Security Policy.
