LTK bases its activity on the treatment of different types of data and information, this allows it to execute basic business processes. Systems, programs, communications infrastructures, archives, databases, files, etc. constitute the main asset of LTK400, in such a way that its damage or loss affects the performance of its operations and can endanger the continuity of the Organization. For that not to happen, an information Security Policy has been designed whose main purposes are:
- Protect, through controls/measures, the assets against threats that may lead to security incidents.
- Palliate the effects of security incidents.
- Establish an information and data classification system to protect critical information assets.
- Define responsibilities in terms of information security by generating the pertinent organizational structure.
- Elaborate a set of rules, standards and procedures applicable to management boards, employees, partners, external service providers, etc.
- Specify the effects of non-compliance with the Safety Policy in the workplace.
- Evaluate the risks that affect the assets in order to adopt the appropriate safety measures/controls.
- Verify the operation of security measures/controls through internal security audits carried out by independent auditors.
- Train users in security management and in information and communication technologies.
- Protect people in case of natural catastrophes, fires, floods, terrorist attacks, etc. through emergency plans.
- Control the traffic of information and data through communication infrastructures or by sending optical, magnetic or paper data mediums, among others.
- Observe the legislation about data protection, intellectual property, labor, services of the information society, criminal, etc., that affects the assets of LTK.
- Protect the intellectual capital of the Organization so that it is not divulged or used illegally.
- Obtain the evidences that allow to accredit the security incidents and the identification of their author.
- Reduce the possibilities of unavailability through the proper use of the assets of the Organization.
- Defend assets against internal or external attacks so that they do not become security incidents.
- Control the operation of security measures by finding out the number of incidents, their nature and effects.
STATEMENT OF INTENT
Eduardo Aguilar, Managing Director of LTK, on behalf of the Management Committee, is aware of the importance of information security for the company in order to achieve an optimum degree of competitiveness in the current market. For this reason, LTK has developed this Security Policy and the corresponding procedures that guarantee the confidentiality, integrity and availability of the information.
The Management has wished to define the most appropriate processes for LTK to undertake a process to improve its Information Security Systems with the conviction that it will result in greater efficiency of its production processes. Therefore, when detailing the specific applications or solutions to the points contained in this document, it will be done under this perspective, enhancing, as far as possible, those solutions that bring security to the relevant information of LTK.
The final intention of the whole system defined and developed, is to offer the best service to our customers, improving our processes and scrupulously respecting their legally established rights. For all these reasons, the management of LTK wants to expressly state its knowledge and its approval of the policies developed in this document, so that all the staff must know and assume it as a part of their job functions.
In order for all this to be possible, the necessary resources will be allocated for the proper development of what is established here, both at the beginning of the project and in its future maintenance.
In Seville, on March 18, 2019
Manager of LTK