Security Policy

The information should only be accessed by the correct people, entities, or authorized processes, and the rights of the property about that information should always be established appropriately.

The information must be precise and complete without unauthorized modifications.

The information must remain accessible and usable by the people, entities, or authorized processes at the required moment.

The information assets must be identified, classified, and registered. Risk management will ensure their proper safety, assuring a controlled environment. The reduction of risk levels will be taken care of by deploying safety measures that will imply a balance between the nature of the data itself, the treatment, the impact and the probability of the exposed risks, and the efficiency and cost of the safety measures.

The organization must fulfill its activities oriented to compliance with the needs of the interested parties in terms of legal regulations, the established regulations of regulatory organizations, the internal norms, and the procedures set by the Direction or any legal obligation.

The security measures will be reevaluated and updated periodically to ensure effectiveness against evolved risks and protection systems. The safety of the information will be addressed, reviewed, and audited by qualified personnel.

The employees are the essence of the company, and their full implication through conscious activities, education, and training enable their capacity to use them to benefit the SGI objectives.