Information Security Policy
At ATAM for Family Support, hereinafter “the Association”, information security is a fundamental pillar for guaranteeing the trust of our members, beneficiaries, employees, suppliers, partner organizations, and other stakeholders. The Association is committed to protecting the personal and corporate data it processes, adopting a proactive approach based on continuous improvement, incident prevention, and regulatory compliance. This Policy establishes the framework for information security management, in accordance with ISO/IEC 27001:2022, and aims to protect the confidentiality, integrity, availability, and resilience of the information under the Association’s control.
Scope
This Information Security Policy applies to:
- All information managed by the Association, regardless of its format or medium.
- All employees, contractors, suppliers, and third parties who have access to the Association’s systems, networks, data, and/or facilities.
- The processes, systems, and applications that support the Association’s services, as well as the Information Technology (IT) processes.
Information Security Objectives
In accordance with the Association’s mission and values, the following general information security objectives are established, which constitute the framework for the Information Security Management System (ISMS):
- To comply with applicable legal, regulatory, and contractual requirements regarding data protection and information security.
- To guarantee the protection of personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable regulations.
- To ensure the continuity of critical services, minimizing the impact of potential security incidents and restoring operations within acceptable timeframes.
- To promote an organizational culture of information security, fostering awareness and training for all individuals who are part of the Association.
- To implement control, prevention, and monitoring measures commensurate with the identified risk level.
- To maintain the continuous improvement of the ISMS through periodic reviews, internal audits, and the correction of detected deviations.
Violation of the Policy
Failure to comply with this Information Security Policy may result in:
- The adoption of internal disciplinary measures, in accordance with applicable regulations.
- The initiation of legal action in cases of gross negligence or intentional non-compliance.
- The review or termination of contractual relationships with third parties.
Policy Update
This Policy may be reviewed and updated periodically in order to adapt to regulatory, organizational, or technological changes, as well as to the results of risk assessments and audits of the Information Security Management System.