The objective of the Security Policy is to set the framework for action necessary to protect information resources against threats, internal or external, deliberate or accidental, to ensure compliance with the confidentiality, integrity, and availability of information.
The effectiveness and application of the Information Security Management System is the direct responsibility of the Information Security Committee, which is responsible for the approval, dissemination, and compliance of this Security Policy. In their name and representation, a person in charge of the Information Security Management System has been appointed, who has sufficient authority to play an active role in the Information Security Management System, supervising its implementation, development, and maintenance.
The Information Security Committee will proceed to develop and approve the risk analysis methodology used in the Information Security Management System.
Any individual whose activity may, directly or indirectly, be affected by the requirements of the Information Security Management System, is obliged to strictly comply with the Security Policy.
In BUGUROO all the necessary measures will be implemented to comply with the applicable regulations on general security and computer security, related to computer policy, the security of buildings and facilities, and the behavior of employees and third parties associated with BUGUROO in the use of computer systems. The measures necessary to guarantee the security of information through the application of standards, procedures, and controls must ensure the confidentiality, integrity, availability of information, essential for:
- Comply with current legislation on information systems.
- Ensure the confidentiality, integrity, and availability of the data managed by BUGUROO.
- Ensure the availability of information systems, both in the services offered to customers and in internal management.
- Ensure the ability to respond to emergencies, restoring the operation of critical services in the shortest possible time.
- Avoid unauthorized changes in the information.
- Promote information security awareness and training.
- Establish objectives and goals focused on evaluating performance in information security, as well as continuous improvement in our activities, regulated in the Management System that develops this policy.
