INFORMATION SECURITY POLICY
The Information Security Policy sets forth the guidelines and principles established by CEDIA to guarantee information security and the achievement of its defined objectives, thereby ensuring the confidentiality, integrity, and availability of information systems.
CEDIA recognizes the importance of safeguarding the privacy and security of information belonging to its members, suppliers, and collaborators. In this context, this policy constitutes the framework for the Information Security Management System based on the ISO 27001 standard, whose objectives and planned activities aim to improve its information security management.
CEDIA's management recognizes the vital importance of information security and compliance with personal data protection regulations in the workplace; therefore, it assumes and establishes the following commitments regarding the Information Security Management System and Information Privacy:
- Establish information security objectives aligned with the corporate strategy, ensuring consistent and proactive management of security-related risks.
- Integrate security and privacy requirements into all organizational processes, ensuring that they are an essential component of every activity.
- Allocate and guarantee the physical, human, economic and technological resources necessary to maintain a robust and effective information security management system.
- Communicate the importance of effective information security and privacy management, ensuring that all members of the organization understand their role and responsibility in protecting confidential and restricted information.
- Regularly evaluate the performance of the information security management system and take steps to improve and optimize the expected results.
- Provide direction and support to all employees to foster an information security culture in which each individual contributes to the effectiveness of the ISMS.
- Promote the continuous improvement of the information security management system through the constant review of processes, policies, and practices.
- Provide regular training to all CEDIA staff on security management so that they are aligned with best practices and regulatory requirements.
- Ensure that CEDIA staff comply with all policies, procedures, and instructions related to information security and data privacy.
- Promote a secure work environment where information security and privacy are key priorities. Through the implementation of this policy, we seek to safeguard the confidentiality, integrity, and availability of information systems.
- Increase the Information Security competence of employees.
- Properly manage information security risks.
- Improve response to Information Security Incidents.
- Ensure that appropriate levels of integrity, confidentiality, and availability are met.
- Ensure the continuity of CEDIA's critical services by implementing a Business Continuity Plan.
- Measure the level of stakeholder satisfaction regarding information security.
To ensure the proper functioning of the ISMS and to meet the established objectives and requirements, CEDIA's management has appointed an ISMS Manager and an Information Security Committee that will ensure compliance with the guidelines set by this policy.
The Information Security Policy, as well as the Information Security Management System (ISMS) processes, are subject to periodic reviews at planned intervals or when significant changes occur. These reviews are conducted to ensure that the policy and processes remain appropriate, effective, and efficient on an ongoing basis. These reviews are scheduled annually as part of the ISMS internal audit process. Monitoring procedures have also been implemented to provide essential information on the proper functioning of the ISMS. These monitoring procedures allow for continuous evaluation and oversight of the effectiveness of our information security measures. In this process, management plays a crucial role by leading the ISMS review; through in-depth analysis, potential areas for improvement and deficiencies in the ISMS are identified to implement enhancements and ensure its optimal functionality.
The Information Security Policy is communicated internally through the corporate intranet and in the annual staff training plan. A copy of this policy statement is also available to external stakeholders of CEDIA through the corporate website. This communication strategy ensures that both employees and external stakeholders can access and clearly understand our commitments to privacy and information security. We are committed to the transparent and responsible disclosure of our policy, demonstrating our firm commitment to information security and privacy in all aspects of our operations.