Ariadna Grid (ARIADNA INSTRUMENTS), recognizing that information security is a critical resource, has established an Information Security Management System in accordance with the requirements of the UNE-EN ISO/IEC 27001:2017 standard to ensure the continuity of information systems, minimize risks of harm, and ensure the fulfillment of set objectives.
The objective of the Security Policy is to establish the necessary framework for protecting information resources against threats, whether internal or external, deliberate or accidental, in order to ensure the confidentiality, integrity, and availability of information.
The effectiveness and implementation of the Information Security Management System are the direct responsibility of the Information Security Committee, which is responsible for the approval, dissemination, and compliance with this policy. On its behalf and representation, an Information Security Management System Coordinator has been appointed, possessing the sufficient authority to play an active role in the Information Security Management System, overseeing its implementation, development, and maintenance.
The Information Security Committee will proceed to develop and approve the risk analysis methodology used in the Information Security Management System.
Any individual whose activity could be directly or indirectly affected by the requirements of the Information Security Management System is obligated to strictly adhere to the Security Policy.
At Ariadna Grid, all necessary measures will be implemented to comply with applicable regulations concerning security in general and information security, related to IT policy, building and facility security, and the behavior of employees and third parties associated with Ariadna Grid in the use of IT systems. The necessary measures to ensure information security through the application of standards, procedures, and controls must enable the assurance of confidentiality, integrity, and availability of information, which are essential to:
- Comply with current legislation regarding information systems.
- Ensure the confidentiality of data managed by Ariadna Grid.
- Ensure the availability of information systems, both in services offered to clients and in internal management.
- Ensure the ability to respond to emergency situations, restoring the operation of critical services as quickly as possible.
- Prevent unauthorized alterations to information.
- Promote awareness and education in information security.
- Establish objectives and goals focused on performance evaluation in information security, as well as continuous improvement in our activities, regulated by the Management System that develops this policy.