Dots
Dots
Gartner Report

Information Security Policy

NEVERHACK, as a company dedicated to ... THE MANUFACTURE AND SALE OF ELECTRONIC EQUIPMENT AND SOFTWARE IN GENERAL, INCLUDING MAINTENANCE, GENERAL TECHNICAL SUPPORT AND TECHNICAL TRAINING RELATED TO THESE ACTIVITIES. THE PROVISION OF SERVICES FOR COMPUTERIZED DATA PROCESSING, ESPECIALLY WITH REGARD TO - The sale of any type of products or services, whether proprietary or third-party, via telephone service provided by an operator. - The provision of advisory, consulting and/or technical support services, whether proprietary or third-party, via telephone and/or telematic service provided by an operator

For this reason, it has implemented an information security management system within the organization, whose main objective is to achieve business goals and customer satisfaction by ensuring at all times the security of information through established processes based on a continuous improvement cycle, thereby ensuring the continuity of information systems, minimizing damage risks and guaranteeing that the set objectives are met to ensure the confidentiality, integrity and availability of information at all times.

To this end, it reaffirms its commitment to information security in accordance with the reference standard of Royal Decree 311/2022, of May 3, which regulates the National Security Framework, whereby General Management establishes the following principles:

--> Competence and leadership on the part of management as a commitment to develop the Information Security Management system.

--> Identify the relevant interested parties, both internal and external, for the Information Security Management system and meet their requirements.

--> Understand the organizational context and determine the opportunities and the risks concerning information security as a basis for planning actions to address, assume, or manage them.

--> Ensure customer satisfaction, including that of stakeholders involved in the company’s outcomes, with regard to the execution of our activities and their impact on society.

--> Establish objectives and targets aimed at evaluating performance in terms of Information Security, as well as driving continuous improvement in our activities as outlined in the Management System governing this policy.

--> Comply with the requirements of applicable legislation and regulations related to our activities, the commitments undertaken with customers and stakeholders, and all internal norms or operational guidelines to which the company is subject.

--> Ensure the confidentiality of the data managed by the company and the availability of information systems, both in the services offered to customers and in internal operations, avoiding any undue alterations to the information.

--> Ensure the ability to respond to emergency situations by restoring the operation of critical services in the shortest possible time.

--> Implement appropriate measures for the treatment of risks arising from the identification and assessment of assets.

--> Motivate and train all staff working within the organization, both for the proper fulfillment of their roles and to act in accordance with the requirements imposed by the reference standard, by providing an adequate environment for the execution of processes.

--> Maintain smooth communication both internally, among the various levels of the company, and with customers.

--> Evaluate and ensure the technical competence of the staff for the performance of their duties, as well as foster their adequate motivation for participating in the continuous improvement of our processes.

--> Guarantee the proper condition of the facilities and suitable equipment in such a way that they correspond to the company’s activities, objectives, and targets.

--> Ensure a continuous analysis of all relevant processes, with the implementation of appropriate improvements based on the results obtained and the objectives set.

These principles are upheld by General Management, which provides the necessary means and resources to its employees for their fulfillment, documenting them and making them publicly known through this Information Security Policy.

Michele Illiano, General Director of NEVERHACK Spain and Mexico

Browse our use cases

Browse background