Vincle, in compliance with standard ISO 27001:2013, and given the importance of information systems, establishes the following fundamental principles for information security:
- Regulatory compliance: all the information systems are adapted to the legal and sectoral regulations that apply and which affect information security, in particular those related to personal data protection, systems security, data, communications and electronic services.
- Risk management: the risks are minimised to acceptable levels, seeking a balance between the security controls and the nature of the information. The security objectives are established and reviewed, and are coherent with the information security aspects.
- Training and awareness raising: training and awareness-raising programmes and campaigns to heighten awareness regarding information security are organised for all users with access to the information.
- Availability, integrity and confidentiality:
  - The availability of the information is guaranteed, ensuring the continuity of the business supported by the information services through contingency plans.
  - The integrity of the information being used is ensured, guaranteeing that it is concise and correct, with emphasis on accuracy, of both the content and the processes involved.
  - The confidentiality of the information is guaranteed, in such a way that only authorised persons have access to it.
- Proportionality: controls are implemented to mitigate the security risks, while seeking a balance between the security measures, the nature of the information and the risk.
- Responsibility: all members of VINCLE are responsible for information security through their conduct, and comply with the standards and controls established.
- Ongoing improvement: the degree of effectiveness of the security controls implemented in the organisation is reviewed on an ongoing basis, to increase the ability to adapt to the constantly evolving risk and changes in the technological environment.
Barcelona, 17 December 2020.