INFORMATION SECURITY POLICY
The Privacy and Information Security Policy establishes the guidelines and principles established by CEDIA , to guarantee the protection of information, as well as compliance with the defined security objectives; thus ensuring the confidentiality, integrity and availability of information systems.
CEDIA is committed to complying with Ecuadorian regulations on the protection of personal data and recognizes the importance of safeguarding the privacy and security of the information of its members, suppliers and collaborators. In this context, this policy constitutes the reference framework of the Information Security Management System based on the ISO 27001 standard and the Organic Law on Protection of Personal Data of the current legislation and the guidelines of the Data Governance Program, whose set of objectives and planned activities seeks to reach CEDIA institutionally to improve its data management.
CEDIA management recognizes the vital importance that information security and compliance with regulations on the protection of personal data have in the work environment; By virtue of this, it assumes and establishes
the following commitments in relation to the Information Security Management System and Information Privacy:
- Establish information security objectives aligned with the corporate strategy, ensuring coherent and proactive management of security-related risks.
- Integrate security and privacy requirements into all organizational processes, ensuring that it is an essential component in each activity.
- Allocate and guarantee the physical, human, economic and technological resources necessary to maintain a robust and effective information security management system.
- Communicate the importance of effective information security and privacy management, ensuring that all employees of the organization understand their role and responsibility in protecting confidential and restricted information.
- Regularly evaluate the performance of the information security management system and take steps to improve and optimize expected results.
- Provide direction and support to all collaborators to foster a culture of information security and protection of personal data, in which each individual contributes to the effectiveness of the ISMS.
- Promote continuous improvement of the information security management system, through the constant review of processes, policies and practices.
- Ensure the protection of the privacy of data and personal information, complying with applicable privacy regulations and standards.
- Support relevant roles and areas of responsibility to demonstrate leadership in protecting information privacy.
- Periodically train all CEDIA staff in relation to security management, information privacy and personal data protection, so that they are aligned with best practices and regulatory requirements.
- Ensure that CEDIA personnel comply with all policies, procedures and instructions related to information security and data privacy.
- Facilitate the necessary means to implement processes and projects that contribute to compliance with regulations on the protection of personal data.
- Promote a safe work environment, where information security and privacy are key priorities. Through the implementation of this policy, we seek to safeguard the confidentiality, integrity and availability of information systems, as well as respect and protect the privacy of data. We are committed to continuous improvement and compliance with relevant security and privacy regulations and standards.
1.1.1. About Security:
- Increase the Information Security competence of collaborators.
- Carry out adequate management of Information Security risks.
- Improve the response to Information Security Incidents.
- Ensure that appropriate levels of integrity, confidentiality and availability are met.
- Guarantee the continuity of CEDIA 's critical services by applying a Business Continuity Plan.
- Measure the level of satisfaction of interested parties regarding information security.
1.1.2. Privacy and Protection of Personal Data:
- Ensure the confidentiality, integrity and availability of information.
- Comply with current and applicable legal requirements.
- Generate a culture of privacy through ongoing training and awareness of all employees regarding the protection of personal data.
- Meet the expectations and needs regarding the protection of personal data of collaborators, members, suppliers and other interested parties.
- Adequately manage all incidents that occur as established in current internal instruments, which are aligned with good industry practices.
- Inform all collaborators about their functions and responsibilities for the protection of personal data, at the same time communicating that this policy is mandatory.
- Permanently apply the continuous improvement plan for personal data protection in the organization.
- Establish the principles and rules for compliance with the Data Governance program, Information Security Management System, in strict compliance with current regulations on Personal Data Protection; with the firm will to respect the right to data protection of all natural persons subject to treatment at CEDIA , as well as their right to honor and privacy.
- Awaken interest in the personal data protection regulations in all collaborators since respecting the precepts included in the regulations is the responsibility of all CEDIA members.
- Maintain over time the regulatory compliance procedures that have been implemented in the organization.
- Disseminate the security standards, measures and safeguards that affect CEDIA personnel, in the development of their functions that affect personal data.
To ensure the correct performance of the ISMS and comply with the established objectives and requirements, the management of CEDIA has appointed a Head of the ISMS, Responsible for the Protection of Personal Data and an Information Security Committee that will ensure compliance with the established guidelines. by this policy.
The Privacy and Information Security policy, as well as the processes of the Information Security Management System, and the Internal Personal Data Protection Program, are subject to periodic reviews at planned intervals or when significant changes arise. These reviews are made to ensure that the policy and processes remain appropriate, efficient and effective on an ongoing basis. These reviews are scheduled annually in the ISMS internal audit process and regulatory compliance in personal data protection.
Likewise, monitoring procedures have been implemented that provide essential information on the adequate performance of the ISMS. These monitoring procedures allow for constant evaluation and effective monitoring of the effectiveness of our information security measures. In this process, Management is important in leading the review of the ISMS; Through an in-depth analysis, possible areas of improvement and deficiencies in the ISMS are identified to make improvements and guarantee its optimal functionality.
The Privacy and Information Security policy is communicated internally through the corporate intranet and in the annual staff training plan. The statement of this policy is kept available for interested parties external to CEDIA through the corporate website.
This communication strategy ensures that both collaborators and external stakeholders can clearly access and understand our commitments to privacy and information security. We are committed to transparent and responsible disclosure of our policy, demonstrating our strong commitment to information security and privacy in all facets of our operations.