The Management of VASAVA approaches the Information Security Management System as a way of organizing the company’s operations based on information security criteria, in accordance with the requirements of the ISO/IEC 27001:2022 standard, in order to ensure the continuity of information systems, minimize the risk of damage, and ensure compliance with the established objective. This objective is to provide the necessary framework for action to protect information resources against internal or external, deliberate or accidental threats, thereby ensuring the confidentiality, integrity, and availability of information. Likewise, all necessary measures will be implemented to comply with the applicable security regulations relating to policies, the security of buildings and facilities, and the behavior of employees and third parties associated with VASAVA in their use of information systems. To this end, VASAVA has:
• Adequate human resources.
• The necessary technical resources.
• Secure facilities.
• Proven experience in the management of outsourcing solutions.
• Technical and control tools.
Our vision is that the best results are achieved by joining forces with our clients, working closely with their teams, and establishing solutions that align with their business objectives; seeking the best solutions to improve productivity and cost savings. Achieving, maintaining, and improving the level of security desired by the company can only be accomplished through the commitment and participation of all personnel, and by making full use of their creative potential and skills.
The Management of VASAVA establishes the following as fundamental objectives, a starting point, and support for the objectives and principles of information security:
• Information security is achieved by planning, implementing, reviewing, and improving the Management System to prevent potential errors.
• The planning of risk treatment to ensure the availability, integrity, and confidentiality of information linked to service provision.
• The integration of information security risks into the planning of new processes and the modification of existing ones.
• Both Management and staff of VASAVA commit to complying with the applicable legal and regulatory requirements, including the protection of personal data and individuals’ privacy, as well as the protection of intellectual property rights.
• Only through the continuous improvement of processes, methods, services, etc., can greater internal effectiveness be guaranteed, a better response to clients’ expectations be achieved, and therefore improved customer satisfaction.
• VASAVA personnel, regardless of their roles and responsibilities, must analyze the data available to them regarding the activities they perform in search of opportunities for improvement.
• For this reason, continuous improvement must be a permanent objective for everyone and apply to all activities carried out at VASAVA.
The participation and collaboration of all involved parties are required; therefore, this Policy is communicated to all company personnel for their knowledge and understanding, as well as to the relevant interested parties of the organization.
For the effective application of these principles, the support of both the management team and the entire workforce is absolutely essential.