This Security Policy document is aimed to define the security requirements for the proper and secure use of the Information Technology services in our Organization. Zimmic has determined that it is strictly fundamental to maintain the quality and security of the information in order to provide its customers with transparency, integrity, and professionalism when managing their data and/or assets.
The framework for this Information Security Management System (ISMS) is based on: integrity, confidentiality and availability of information.
This policy also established the actions within the ISMS in order to avoid any inadequate use (disclosure, destruction, fallacious modification, inappropriate use, etc.) of the information and data of our customers, collaborators and suppliers.
Upper Management as part of their policy commits to:
- Establish an annual plan for the ISMS in compliance with our Organization’s mission and vision.
- Define the methodology to identify, document and manage the risks and opportunities of information security within the activities set forth by our Organization.
- Ensure compliance with legal requirements, contractual obligations, and customers’ requirements and expectations.
- Define the methodology to identify, execute and evaluate skills and training necessary in order for our collaborators to have availability to the tools required to comply with the Security Policy defined by Management.
- Define the methodology for the identification, documentation and corrective actions in the events of incidents, divergence, omission, negligence, etc. committed by any individual who’s actions affect the services (internal or external) provided by the Organization.
- Ensure that all our collaborators are responsible of identifying, documenting, and reporting any breach or non-compliance established in the ISMS, whether it is suspected or confirmed according to the defined procedures.
- Define the necessary means to ensure business continuity under any contingency event.
- The Organization commits to the use of information technology tools that are aligned with the objectives and policies included in the ISMS. Those tools that do not comply, but their use is identified as necessary for the business, will be allowed under strict recurrent controls.
- The Organization commits to complying with the requirements set forth by the ISO 27001 standards in its current version.
This Security Policy shall be reviewed by Management on an annual basis in order to guarantee its applicability to the Information Security Management System standards to ensure its adaptability and recurrent feedback for continuous improvement.