Eye with blue light

Information Security Policy

ISO 27001

The general objective of the Information Security Policy (ISP) is to establish a set of principles in the field of Information Security that allow compliance with the following guidelines:

- Define strategic guidelines at the corporate level that support the implementation of best information security practices, ensuring alignment with business requirements and legal, regulatory and technical information security requirements;

- Ensure the implementation and continuous improvement of a certifiable Information Security Management System (ISMS) in accordance with ISO 27001, namely: Defining the governance and operation model of the ISMS in terms of organization, functions, responsibilities, policies and associated processes;

- Sensitize all stakeholders to the importance of Information Security, constituting a reference guide that facilitates the implementation of requirements and minimize the risk of information security incidents;

- Know, manage, classify and treat information assets according to the strategic principles of information security;

- Manage information security risks periodically by identifying, assessing and defining noesis information security risk ecosystem mitigation strategies;

- Establish mechanisms to ensure the control of logical and physical access to information assets;

- Ensure that known security incidents are reported, thus allowing their treatment and continuous improvement of Noesis' response capabilities;

- Establish mechanisms to ensure the continuity of their security management services of business support infrastructures even following serious information security incidents.