General Security Policy
Salumedia Labs Security Policy
The Management of Salumedia Labs recognizes the importance of identifying and protecting its information assets, avoiding the destruction, disclosure, modification and unauthorized use of all information related to customers, employees, prices, knowledge bases, manuals, case studies, source codes, strategy, management, and other concepts; committing itself to develop, implement, maintain and continuously improve the Information Security Management System (ISMS).
Information Security is based on the preservation of:
a) its confidentiality, ensuring that only those who are authorized can access the information;
b) its integrity, ensuring that the information and its processing methods are accurate and complete;
c) its availability, ensuring that authorized users have access to the information and its associated assets when it is required. Information security is achieved by implementing an appropriate set of controls, such as policies, practices, procedures, organizational structures, and software functions. These controls have been established to ensure that the company's specific security objectives are met.
Salumedia Labs policy establishes that:
Information Security objectives are established annually.
A risk analysis process is developed and, according to its results, the corresponding actions are implemented in order to deal with the risks considered unacceptable, according to the criteria established in the Management Manual.
The control objectives and corresponding controls are established, in accordance with the needs arising from the risk analysis process. Business, legal or regulatory requirements and contractual security obligations are met.
Information security awareness and training is provided to all personnel.
The necessary means are established to guarantee the continuity of the company's business.
Any violation of this policy and of any ISMS policy or procedure will be sanctioned.
Every employee is responsible for recording and reporting confirmed or suspected security violations.
Every employee is responsible for preserving the confidentiality, integrity, and availability of information assets in compliance with this policy and the policies and procedures inherent in the Information Security Management System.
The Head of Security is directly responsible for maintaining this policy by providing advice and guidance on its implementation, as well as investigating any reported violations by staff.