Information Security Policy

The Information Security Policy is a high-level public declaration of intent on the part of BALANTIA's Management, which, by virtue of the same, expresses its commitment to adopt all the necessary organisational, technical, physical and legal measures aimed at protecting the information and systems within its scope, thus achieving the objectives of confidentiality, integrity, availability and legality of all the information managed.

Accordingly, BALANTIA defines the following application principles to be taken into account within the framework of the Information Security Management System:

  • Confidentiality: The information processed by BALANTIA will be known only by authorised persons, after identification, at the time and by the means provided.
  • Integrity: The information processed by BALANTIA will be complete, accurate and valid, being the content provided by those concerned without any manipulation.
  • Availability: The information processed by BALANTIA will be accessible and usable by authorised and identified users at all times, guaranteeing its own persistence in the event of any foreseen eventuality.
  • Legality: BALANTIA guarantees compliance with all applicable legislation or contractual requirements. And in particular, the regulations in force relating to the processing of personal data.

In order to materialise the commitment to the above application principles, BALANTIA establishes the following basic principles of action, which will govern all corporate security activities:

  1. Define responsibilities in the area of information security, creating the corresponding organisational structure.
  2. Implement security regulations that establish the necessary measures and standards to prevent loss and unauthorised access, ensuring that information is handled with the quality and security necessary for professional performance.
  3. Develop a set of procedures applicable to management bodies, employees, partners, external service providers, etc.
  4. Guarantee the right to the protection of the personal data of all natural persons who come into contact with BALANTIA, in accordance with the provisions of the General Data Protection Regulation and the Data Protection and Digital Rights Guarantees Act.
  5. Promote security awareness through appropriate dissemination, awareness and training actions, tailored to each target audience and with sufficient regularity to ensure that knowledge in this area is kept up to date.
  6. Protect the organisation's intellectual capital from unlawful disclosure and use.
  7. Analyse and manage the risks to which BALANTIA is exposed using internationally recognised methodologies.
  8. Prevent incidents and plan an effective response and subsequent analysis should they occur. Likewise, to ensure the continuity of critical operations at BALANTIA in the event of such incidents.
  9. Monitor the current context of the organisation and the environment, as well as the evolution of events that allow us to identify the most relevant security threats in order to anticipate their potential impact.

BALANTIA's Management assumes the responsibility to support and promote the establishment of the organisational, technical and control measures necessary to comply with this Information Security Policy, as well as to provide the necessary resources to resolve as quickly and efficiently as possible any non-compliances and information security incidents that may arise, and to implement the necessary measures to ensure that they do not happen again.

18/12/2024

The General Management of BALANTIA