Security policy and service management

IRIUM, aware of the need to protect information, one of the company's most important assets, against any unauthorized access that could compromise its confidentiality, integrity or availability, has implemented a management system based on the ISO 27001 and ISO 20000-1 standards.

In order to achieve these objectives, the corresponding committee, together with the support and leadership of the Management, has defined and established a series of measures and procedures that are periodically analyzed and evaluated through audits.

  • The definition of the Security Policy is available to all those involved in it.

  • Incorporation of legislative controls that contribute to compliance with all legal requirements that affect us in terms of Information Security.

  • Preparation of training and awareness plans for employees regarding security, in which the measures and resources available to the company for the protection of information are stated.

  • Informing the employees of their roles and obligations, as well as the responsibilities that they entail.

  • Assignment of roles and responsibilities for the protection of information, defining the processes, assets and risks and identifying their owners.

  • Generation of procedures to ensure the proper treatment of incidents that occur and requests made in relation to Information Security and Service Management.

  • Implementation of processes to reduce the impact of failures or natural, accidental or deliberate disasters, consisting of a combination of preventive and corrective controls and the identification and registering of potential issues to ensure the availability and continuity of services.

  • Definition of service characteristics in order to define our catalog and service levels.

  • Continuous improvement and modification of both management and resource systems in order to align them with changing needs and ensure their availability.

  • Management and assessment of providers in order to verify compliance with security measures and agreed service levels.

  • Identification of possible changes to cover business needs, with the validity of deliveries being evaluated and reviewed in line with agreed costs, deadlines and quality requirements.

  • Registration and monitoring of all critical configuration items for the provision of services, providing precise and up-to-date information on the state and relationships of the configuration items through the implementation of a Configuration Database (CMDB).

  • Evaluation of costs and budgets in order to guarantee the financial viability of the services provided and/or planned.

MANUEL RUBIO

Managing Director

IRIUM