EIC ISO 27001

INFORMATION SECURITY POLICY

Strategic guidelines of the Information Security Policy

- Establish, implement and maintain an Information Security management system in order to ensure the protection of information assets that, like any other important business asset, have value to the organization and therefore need to be adequately protected and preserved;

- Protect information against threats, attacks and vulnerabilities, which may constitute a risk to business continuity, minimizing losses and maximizing the return on investments or commercial opportunities;

- Ensure that authorized persons and users have access to the information and associated assets, whenever necessary (availability, usefulness and confidentiality of the information);

- Safeguard the accuracy, integrity, authenticity and appropriate methods in processing information;

- Achieve information security through proper implementation of prevention measures, recovery measures and controls established to ensure that the specific security objectives and policies are achieved, as per the Declaration of Applicability approved for the system and the management commitment to meet all applicable requirements and continuous improvement of the system.