Information Security Management System Policy
The Information Security Management System of GRUPO RETAILGAS has as its main objective the protection of information, offering its workers, collaborators, suppliers and clients a safe working environment through adequate security measures and operative processes.
The principles of our information security policy are:
- Confidentiality: The information must be known exclusively by authorized persons.
Integrity: Information shall at all times be complete, accurate, valid and free from manipulation.
Availability: The information will always be accessible by authorized users at all times and its persistence will be guaranteed in the event of any eventuality.
In GRUPO RETAILGAS we are aware that our platform for infrastructure management is an asset with a high value for our organization and therefore requires adequate protection and management in order to give continuity to our business and minimize the possible damages caused by failures in the security of the information.
For all this, we acquire the following commitments:
- The permanent will of GRUPO RETAILGAS in terms of information security management will be manifested through training and awareness programs that promote participative management in these areas, making it possible for the skills of the personnel to be used for the continuous improvement of the productive process and security.
- To guarantee the development of our activities within the applicable norms and regulations, we will comply with the legislation and regulations in force, as well as with other requirements subscribed with our clients, including those related to information security and data protection.
- Comply with the requirements and continuously improve the effectiveness of the Information Security Management System, through the implementation of measurement and monitoring systems for the services provided to our customers, as well as security objectives.
- Perform and periodically review a risk analysis based on recognized methods that allow us to establish the level of information security and minimize risks through the development of specific policies, technical solutions and contractual agreements with specialized organizations.
- GRUPO RETAILGAS personnel will develop their work oriented to the achievement of the objectives set and in accordance, at all times, with the legal requirements, as well as those of the client.
- Selection of suppliers and subcontractors based on information security criteria.
- Any incident or weakness that may compromise or has compromised the confidentiality, integrity and/or availability of the information shall be recorded and analyzed in order to apply the corresponding corrective and/or preventive measures. Likewise, they shall be communicated to the parties concerned within the corresponding deadlines.
9th March 2020