Information security policy

1.1. SAFETY OBJECTIVES

• Ensure the confidentiality, integrity and availability of information.
• Comply with all legal requirements applicable to the organization.
• Elaborate a continuity plan that allows to recover to a disaster in the shortest possible time.
• Comply with the requirements applicable to our Information Security Procedures and the commitment to Continuous Improvement of the Information Security Management System.
• Train and educate all employees in the field of information security.
• Record and properly manage all security incidents that have occurred.
• Inform all employees of their duties and safety obligations and the responsibility to comply with them.
• Conduct periodic reviews with the objective of continuously improving the security of the organization's information.
• Protection of personal data in accordance with current regulations on Protection of Personal Data and the requirements established in the ISO-27018 standard

1.2 PLANIFICATION

The actions to be carried out by GIGAS HOSTING to fulfill the security objectives go through the implementation, operation and maintenance of the Information Security Management System (ISMS), which is always in line with this policy.

In order to guarantee a correct management of the security, GIGAS HOSTING carries out a study of the security of the organization through a risk analysis and the establishment of a plan of treatment of risks for those risks not accepted by the Security Committee of the organization.

The procedure for conducting the risk analysis is documented in the Risk Analysis Methodology document (private document), which establishes the requirements to evaluate the different threats to which they are exposed.

1.3 IMPLANTATION

Once the security risk assessment and the results obtained in the planning phase have been carried out, it is the responsibility of the Security Officer with the support of the Committee to implement certain security controls for those threats that have a level of risk not assumed by the organization, in addition to operating the procedures of the management system to fulfill the demands of the process.

1.4 REVISION

Information security policy and risk assessment are regularly reviewed at planned intervals or if significant changes occur to ensure the continued appropriateness, effectiveness, and effectiveness of the policy. Generally, they are reviewed annually through the internal audit of the ISMS or the review of the system by Management, which plays an important role by conducting a thorough analysis of the system and detecting possible improvements and deficiencies.

1.5 IMPROVEMENTS

Improvements in the information security policy and the ISMS are established either during the review phases or on the basis of contributions that are considered to be of interest to both the organization's staff and external staff.

The results obtained on the basis of the internal audit, are reviewed by the Safety Officer and raised to the Committee, where opportunities to improve the system will be established.

The whole ISMS is framed within the Demming cycle (PDCA cycle), based on the planning of activities, their implementation and operation, their revision and subsequent improvement. All this applied to the security of the information.

1.6 RESPONSIBILITY OF USERS

Users of information systems should strive to promote their efficient use in order to avoid unnecessary traffic on the network.

The users themselves will be responsible for the correct custody of the assets they hold for the performance of their contractual duties.

Do not disclose or use directly the information to which they have access during their employment relationship with GIGAS HOSTING All commitments must be maintained, even after the employment relationship with the company has expired.

Ensure that all employees and third parties understand their responsibilities and are adequate to carry out their duties in order to reduce the risk of theft, fraud or misuse of the resources made available to them.

All unauthorized physical access will be prevented and security measures will be taken to avoid losses, damage, theft or circumstances that endanger the assets or that may cause the disruption of GIGAS HOSTING activities.

Internet and e-mail users should make efficient use of networks, as well as preserve the confidentiality and integrity of the information transmitted through these means.

Access to the information systems of the organization will be controlled only by authorized personnel and under the security conditions that the organization has decided to operate.

All security incidents should be communicated through the Help Desk of GIGAS HOSTING, to the address soporte@gigas.com

Any failure to comply with laws, legal, regulatory or contractual obligations and security requirements affecting GIGAS HOSTING information systems will be avoided.