INFORMATION SECURITY MANAGEMENT POLICY
LARAGON SUSTAINABILITY SOLUTIONS SL, hereinafter LARAGON, is a TECHNOLOGICAL CONSULTING company SPECIALIZED in the areas of Sustainability, Environment, Health and Safety, and Operational Risks, that applies innovative technologies to improve critical business processes in companies.
We are committed to the security of our information assets as the most strategic and sensitive element of our organization, and we guarantee for all of them:
– AVAILABILITY: using different project management software’s that allow hierarchical access to the personnel designated for the same, with guaranteed access to the possibility of incidents of any kind.
– CONFIDENTIALITY: LARAGON will not disclose to unauthorized third parties any information either by physical support or electronic messaging. Any customer information will be treated at all times with the highest level of confidentiality by all authorized users.
– INTEGRITY: the information will be accurate and complete at all times.
To achieve this, we have implemented an information security management system (ISMS), adapted to the requirements of the ISO 27001 standard.
With this ISMS we want to guarantee to all interested parties compliance with the information security requirements in all our processes, providing the necessary resources both internally (technical resources with the appropriate information security measures and control of the processes of their equipment) and externally (commitments regarding information security and other ad hoc clauses regarding security with external suppliers).
Our Security Policy is guided by the following guidelines:
1. It takes into account the changing context of the sector.
2. It establishes the frame of reference for setting information security objectives that are compatible with this context and purpose.
3. Develops a process of analysis and management of information security risks that allows to identify, evaluate and qualify such risks in order to subsequently implement corrective actions and improvements.
4. Minimizes and prevents information security incidents by implementing actions in the event of any possible incident.
5. Establishes roles and responsibilities in security matters that translate into an effective allocation of functions.
6. Ensures that all processes, products and services of LARAGON meet the requirements of the customer and other interested parties, as well as any other legal or regulatory requirement or that LARAGON may subscribe to in terms of information security.
7. Implements the necessary means to ensure business continuity.
8. Continuously improves the effectiveness of the ISMS
9. Guarantees the adoption of appropriate technical and organizational measures to ensure the permanent confidentiality, integrity and availability of the systems and services for processing the technical information of the projects.
LARAGON’s Management assumes the commitment to promote this Policy as a fundamental part of its business policy. It also undertakes to communicate and disseminate it to all interested parties and to guarantee the understanding and access to it by all, in order to achieve the committed objectives.
In Madrid, on December 10, 2021