SG Quality – SG Environment – SG IT Services – SG Information Security
The model recognises that excellence in all aspects of an organisation’s results and performance can be achieved on a sustained basis:
Good results (operation) are achieved by guiding people (leadership) to achieve the set objectives (improvement) and by bringing together people, material resources and best practices (structure) in the right way.
All this must lead us to a process of continuous change, ensuring that we do not return to old ways. Our system is dynamic: evolution and learning enhance the processes leading to improved results.
Consequence of applying the Model:
By satisfying ALL constituents the company GROWS
Customer satisfaction is at the heart of what we do. The customer is our guide. We do not care about how big they are; however, we do care about their trust in technology to improve their business.
Comply with our clients’ requirements vis-à-vis information security. Involve them in our commitment to information security, establish channels for reporting and coordination of the respective Security Committees and action procedures for reacting to security incidents as required.
Collaborate with our suppliers to provide us with suitable technological solutions and meet our customers’ needs.
Convey the requirements of the SG Information Security and the Security Regulations pertaining to such services or information.
Set out specific procedures for reporting and resolving incidents. Ensure that our suppliers are adequately security-aware. Take appropriate action in the event of non-compliance with these requirements.
Foster continuous training for all our people, including environmental awareness and sensitisation in terms of information security and occupational risk prevention.
Comply with the legal and regulatory requirements applicable to our activity, especially those governing information security, as well as the commitments voluntarily adopted, including environmental management regulations.
Adopt the commitment to prevent pollution and protect the environment. Undertake to implement measures to mitigate climate change as part of our business activities.
Continuously review our commitment to ensure the ongoing adequacy thereof.
Maintain, improve and enhance the process management approach in all areas of the organisation. Our Integrated Management System adopts a process-based approach: the first major process is the Management System itself. All Sothis processes are built up from it in a hierarchical relational structure. A unique system
Take technical and organisational measures necessary to protect the availability, confidentiality and integrity of information, as well as to restrict and control access to information and how it is processed.
Put in place the necessary mechanisms to ensure that the continuous improvement of the Integrated Management System (SG Quality – SG Information Security – SG IT Services – SG Health and Safety) is part of everyone’s day-to-day life.
Maintain a controlled environment, minimising risks to acceptable levels in terms of information security by continuously updating security risk analysis and management.
Reduce the probability of occurrence and the effects of the materialisation of threats on the security of the system, including measures aimed at their prevention, detection and correction.
Provide and allocate the necessary resources for the correct execution of the works and to comply with the requirements set out.
Put in place the necessary measures to prevent, study and eliminate, whenever possible, factors that could negatively affect the management of services.
Keep the complete list of services in the service catalogue up to date and make it available to all our Employees, Customers and Suppliers.
Communicate and disseminate our commitment to all our People and make it available to anyone who requests it.
Ensure the protection of information by correctly implementing security measures, correctly using the systems under the organisation’s responsibility that process it, and limiting access on a need-to-know basis.
Maintain secrecy with respect to the information and not disclose it to third parties, unless the communications are part of the employment relationship and in compliance with the due guarantees of confidentiality. Only disclose information to third parties that offer sufficient guarantees to ensure that the processing is in accordance with the established requirements.
For Information Security to function correctly, it is necessary to create and set up the team that executes some of the key processes of this management system. We define the team, its members, responsibilities and the way it operates in procedure ST-PRO-494.
This committee is responsible for coordinating all Sothis’ security functions, ensuring compliance with applicable legal, regulatory and industry standards. It is also responsible for ensuring that security activities are aligned with the organisation’s objectives.
Within the framework of compliance with the ENS and ISO27001, and in order to form the structure of security officers, the following key roles have been determined:
Represented by the heads of each of the operational teams.
Responsible for the systems and communications infrastructure.
Represented by the organisation’s Director of the Facilities and Environment Area.
Responsible for establishing and maintaining the SG Information Security, standards, directives and procedures, represented by the Director of the Corporate Information Systems Area.
Represented by members of the management team as the senior information security officers.
Responsible for establishing and maintaining the process and continuous improvement system, represented by the DO Manager.
Internal auditors: the monitoring, review and audit of the security of the systems shall be performed by qualified, dedicated and trained staff at all stages of their lifecycle, as set out in process ST-PRO-650.
Sothis has coordination and conflict resolution mechanisms in place, with the Management Team being responsible for management and decision-making in relation thereto. The details of the attributions, roles and their respective functions, as well as the processes, are set out in the Roles and Responsibilities document ST-SIS-237.
ST-SIS-1
10/11/2022