Information security policy
The Security Policy of TECCO AUTOMOTIVE, S.A. reflects the principles and objectives in terms of information security, whose results allow our company to ensure the proper treatment of the information guaranteeing and regulating its confidentiality, integrity and availability to achieve its purpose of achieving the highest satisfaction of its customers and other interested parties, such as employees, shareholders, or suppliers. Additionally, it allows us to obtain the confidence of future clients, with the certainty that their information will be treated in a secure environment applying all the appropriate measures that guarantee its confidentiality and integrity.
By means of the elaboration, communication and maintenance of this policy, the Management of TECCO AUTOMOTIVE, S.A. shows its commitment to protect the confidentiality of the information with which it operates in the provision of its services, to guarantee its integrity in all the treatment processes it carries out, as well as the availability of the information systems involved in these treatments.
To this end, the Management has defined and implemented an Information Security Management System (ISMS) that allows the company to ensure that the information systems and the information created, collected, stored and processed comply with:
- Security in Human Resources Management, before, during and at the end of employment.
- Proper asset management involving the classification of information and handling of media, and the establishment of robust logical access control to your systems and applications, managing user permissions and privileges.
- The protection of facilities and the physical environment, through the design of safe work areas and the safety of equipment.
- Ensuring the security of operations by protecting against malware, making backup copies, establishing logs and monitoring them, and controlling the software in operation.
- The management of technical vulnerabilities and the choice of appropriate techniques for auditing systems.
- Communications security, protecting networks and information exchange.
- Ensuring security in the acquisition and maintenance of information systems, limiting and managing change.
- Performing safe software development, separating development and production environments, and performing appropriate functional acceptance testing.
- The control of relations with suppliers, contractually demanding compliance with the pertinent security measures and acceptable levels of service.
- Efficiency in the management of security incidents, establishing the appropriate channels for their notification, response and timely learning.
- The implementation of a business continuity plan that protects the availability of services during a crisis or disaster.
- Identification of and compliance with applicable regulations, with special emphasis on intellectual property and personal data protection.
- Periodic review and continual improvement of our information security management system to ensure compliance with and effectiveness of these requirements.
All the organization's personnel have the duty to comply with this policy, for which the Management has the necessary means and sufficient resources for its fulfillment, and assumes the responsibility of communicating it and keeping it accessible to all interested parties.