TRANXFER Management, aware that information and PII (Personally Identifiable Information) are highly valued assets within the Organization that require adequate protection, has decided to implement an Information Security and Privacy Management System (ISMS/SGPI) in order to protect them from threats, ensure the continuity of business lines, minimize damage and maximize return on investment and business opportunities.
The scope of our Information Security and Privacy Management Policy is “Information system to provide Tranxfer software services for cybersecurity management for collaborative environments. In addition to its development, deployment, support and privacy, according to the current applicability statement.”, in accordance with the requirements of ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27701 and GDPR.
TRANXFER Management defines the security and privacy of information as the preservation of the following fundamental characteristics:
- Confidentiality, ensuring that only those who are authorized can access the information.
- Integrity, ensuring that the information is not altered during storage, processing or transit.
- Availability, ensuring that authorized users have access to information and its associated assets when necessary.
- Proportionality and legality of the processing of PII.
TRANXFER Management establishes the following objectives as a basis, starting point and support for the objectives and principles of information security:
- The protection of PII and the privacy of individuals.
- The protection of intellectual and industrial property rights.
- The establishment of a system to classify information and safeguard the organization's records.
- Assignment of security and privacy responsibilities.
- Training and capacity for information security.
- Record security and privacy incidents and learn from them.
- Manage business continuity.
- Compliance with legislation and other regulations on security and privacy.
- The guarantee of the confidentiality, integrity and availability of the information that supports the service objectives of this system.
The Management of TRANXFER, through the preparation and implementation of this Information Security and Privacy Management System, adheres to the following commitments:
- Annual objectives are established in terms of Information Security and Privacy.
- A risk analysis process is developed and, based on the results, the corresponding actions are implemented to deal with the risks considered unacceptable.
- The control objectives are established, as well as their corresponding controls, based on the needs derived from the risk management analysis process.
- Comply with business, legal, or regulatory requirements, as well as contractual security and privacy obligations.
- Information security and privacy awareness and training is provided to all staff.
- Promote and support the implementation of the necessary measures to minimize the risks of information exposure, complying with the strategic objectives defined each year.
- Business continuity management and development of continuity plans according to internationally recognized methodologies.
- Act at all times within the strictest professional ethics.
TRANXFER Management provides direction and support for information security and privacy in accordance with business requirements and applicable laws and regulations.
- TRANXFER, as a client, relies on a main cloud service provider that has certifications and policies that implement all the regulations that TRANXFER complies with (National Security Scheme ENS, GDPR and ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27701 in progress).
- TRANXFER, as a provider, guarantees data isolation, capacity provisioning, controlled and segregated access to assets, as well as system/network hardening and segmentation. Related quality procedures, best practices, guidelines and policies are available to all employees and relevant external stakeholders.
This Policy provides the reference framework for the continuous improvement of the Information Security and Privacy Management System, as well as for establishing and reviewing the objectives of the ISMS/SGPI. It is communicated to the entire Organization, is reviewed annually for suitability and, in extraordinary circumstances, when special situations and/or substantial changes occur in the ISMS/SGPI, and is available to the general public.
Last revision: January 2022