Safety committee

Edition: 01 Date: 25/11/2022

BISIONA’s Security Policy reflects the principles and objectives in terms of information security, the results of which allow our company to achieve its purpose of offering computer solutions for Software development and installation of customized systems. It is a technology company that focuses its Activity in the creation and implementation of customized software solutions that boost the activity of its clients, specializing in the integration of cutting-edge technologies within their applications and services (Data Science, artificial intelligence, etc.).

Through the elaboration, communication and maintenance of this policy, the BISIONA Management shows its commitment to protect the confidentiality of the information with which it operates in the provision of its services, guarantee its integrity in all the treatment processes that it carries out, as well as the availability of the information systems involved in these treatments.

For this, the Management has defined and implemented an Information Security Management System that allows the company to guarantee that the information systems and the information that is created, collected, stored and processed complies with:

• Security in Human Resources Management, before, during and at the end of employment.
• The adequate management of assets that implies the classification of information and the manipulation of supports, and the establishment of a robust logical access control to their systems and applications, managing the permissions and privileges of the users.
• The protection of the facilities and the physical environment, through the design of safe work areas and the safety of the equipment.
• The guarantee of security in operations by protecting against malicious software, making backup copies, establishing records and monitoring them. control of the software in use.
• The management of technical vulnerabilities and the choice of appropriate techniques for auditing Systems.
• The security of communications, protecting networks and the exchange of information.
  Assurance of security in the acquisition and maintenance of information systems, limiting and managing change.
• Performing secure software development, separating development and production environments, and performing appropriate functional acceptance testing.
• The control of relations with suppliers, contractually demanding compliance with the relevant security measures and acceptable levels in their services.
• The effectiveness in the management of security incidents, establishing the appropriate channels for their notification, response and timely learning.
• Carrying out a business continuity plan that protects the availability of services during a crisis or disaster.
• Identification and compliance with applicable regulations, with a special interest in intellectual property and the protection of personal data.
• Periodic review and continuous improvement of our information security management system to guarantee compliance and effectiveness with these requirements.

All the organization’s personnel have the duty to abide by this policy, for which the Management has the necessary means and sufficient resources for compliance, and assumes the responsibility of communicating and keeping it accessible to all interested parties.