Information Security Management System
SHOWERTHINKING, aware that the security of the information related to our clients is a resource with great value, has established an Information Security Management System according to the requirements of the ISO/IEC 27001:2017 standard to guarantee the continuity of the information systems and their continuous improvement, minimize the risks of damage and ensure the fulfillment of the established objectives.
The objective of the Security Policy is to establish the framework of action needed to protect information resources against threats, whether internal or external, deliberate or accidental, in order to ensure the confidentiality, integrity and availability of information.
The effectiveness and application of the Information Security Management System are the direct responsibility of the Information Security Committee, which is responsible for approving and disseminating this Security Policy and for ensuring compliance with it. On its behalf, an Information Security Management System Manager has been appointed, who has sufficient authority to play an active role in the Information Security Management System, supervising its implementation, development and maintenance.
The Information Security Committee will proceed to develop and approve the risk analysis methodology used in the Information Security Management System.
Any person whose activity may be directly or indirectly affected by the requirements of the Information Security Management System is obliged to strictly comply with the Security Policy.
SHOWERTHINKING will implement all the measures necessary to comply with the applicable regulations on security in general and on computer security, relating to IT policy, to the security of buildings and installations, and to the behaviour of employees and third parties associated with SHOWERTHINKING in their use of computer systems. The measures needed to guarantee the security of information, through the application of standards, procedures and controls, must make it possible to ensure the confidentiality, integrity and availability of information, which are essential to:
- Comply with current legislation on information systems.
- Ensure the confidentiality of the data managed by SHOWERTHINKING.
- Ensure the availability of the information systems, both in the services offered to the clients and in the internal management.
- Ensure the capacity to respond to emergency situations, restoring the operation of critical services in the shortest time possible.
- Avoid undue alterations in the information.
- Promote awareness and training in information security.