Security of Information Policy (CIA)
At WiseGroup we are aware of how important it is for our clients, given the nature of our services dedicated to functional safety, the safety of people, the security of assets, industrial cybersecurity and critical infrastructure, that we have an information management system that meets the requirements of the projects and services we provide.
Our information security document management system is aligned and integrated with the ISA/IEC-62443 series of industrial cybersecurity standards for a supplier and incorporates the requirements for all related services and projects.
Our management system has scope over all the information managed by WiseGroup, which must be and is treated according to its classification without exception. It includes all the information that is received as well as all the information that is generated by the sales, engineering, services, productive and administrative units of WiseGroup.
It is a fact that information security has become a key aspect to be considered by security companies and one of the biggest concerns today. Clear proof of this is that there are currently organizations, both public and private, that focus exclusively on security issues and have published guidelines to help companies cope with security problems.
An example is the ISO 27002 standard. It is a standard implemented by the International Standards Organization, which deals specifically with information security. ISO 27002, originally published as a renaming of the ISO 17799 standard, describes a very large number of possible controls and control mechanisms for greater security of documents and business data.
And finally, a good document security system, usually implemented through a document management system, not only protects the company but also improves the perception and confidence of customers and users regarding the quality of the service or product that we offer, sell, provide, support and maintain.
The management of confidential documents is essential in the development of our activities to ensure adequate treatment of sensitive data regarding security, availability, privacy, and compliance with legal provisions. To this end, we implemented an internal policy aimed specifically at regulating the treatment of confidential documents.
The absence of control implies exposure to serious risks. All confidential or personal data, regardless of the medium on which they are held, must be handled so that the security of the information they contain is guaranteed at all times, whether during use, filing, custody, transfer or destruction, so that only authorized personnel can access them, in compliance with the guarantees required by law and/or the requirements of our customers.
Confidential documents contain sensitive information whose security, privacy, integrity, or availability must be protected. In contrast, non-sensitive information is not subject to special protection and can be shared with anyone. “Classified information” is a special type of sensitive information whose access is subject to restrictions imposed by governments or other agencies because its disclosure may impair the interests of our clients and the security of their assets.
Confidential document management includes aspects of the identification of confidential documents, classification, storage, utilization, distribution, access control or follow-up procedures, among others.
For confidential documents to be treated properly, we have a classification methodology to protect information that, were it to become public, could harm its owner or affect their safety and/or security. The grading process may require an impact assessment. Depending on the damage the information could cause if it fell into the wrong hands, classified information is typically marked with one of several hierarchical levels of sensitivity, such as Critical, Strictly Confidential, Confidential, Private/Restricted or Public.
Confidential document management policies must be applied to all documents generated in the enterprise that contain confidential information and sensitive data, whatever the medium, whether digital, paper or other, since the rules applicable to data security refer to all types of media.
To ensure the security of the information contained in confidential documents, we make sure that computer systems and corporate networks, which in principle can be insecure because of the problems caused by viruses or hackers, are managed properly, determining among other things who has the privilege of accessing a document, as well as its location, conservation, security and recovery in case of loss or destruction of the file. These precautions and safety measures must also be applied to paper documents.
We establish internal standards for confidentiality and information security so that all documents containing confidential and/or sensitive data, regardless of the medium on which they are held, are managed during their use, filing, custody, transfer and destruction in such a way that only authorized personnel can access them, with the guarantees required by law, where they exist, or by our clients as required by contract.
Privacy and data confidentiality are an increasingly important issue for many organizations, especially for security services such as those we develop at WiseGroup, so companies that regularly handle sensitive data must be very careful in how they treat such information, so that their clients can be sure that their privacy will always be respected. The prestige and image of the company depend on this, as does the safety of the critical infrastructure that is essential for business and operations to work.
For the purposes of the classification we have adopted the following criterion according to the following degrees of sensitivity of the information:
When destroying data carriers containing confidential information (either paper, microfilm, perforated chips, optical media such as CD or DVD, magnetic media such as hard drive, ID cards or floppy disks, electronic media such as USB flash drives or Chip cards) DIN 66399, which regulates the destruction of data carriers, establishes 4 (four) levels of security with respect to data carriers:
In order to give adequate treatment to all the information that is received, generated and managed by WiseGroup, we introduce the following class definitions. Classes can be applied to documents, manuals, programs, designs, engineering, configurations, systems, information and/or hardware.
Our document management system must keep audit trails of the operations carried out. In this way we can thoroughly monitor the documents, any modifications made to them and the people who have accessed them. Thus, an auditor will be able to trace the data back to the source document.
We actively protect our computer systems from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services we provide. Our systems are actively monitored for cyber attacks and malware, including ransomware attacks. We always encourage our members to use our secured systems and approved applications enforcing security procedures and best practices.
Signed by Secure Documents
Signed On: July 13, 2019