The general objective of the Information Security Policy (ISP) is to establish a set of principles in the field of Information Security that allow compliance with the following guidelines:
- Define strategic guidelines at the corporate level that support the implementation of best information security practices, ensuring alignment with business requirements and legal, regulatory and technical information security requirements;
- Ensure the implementation and continuous improvement of a certifiable Information Security Management System (ISMS) in accordance with ISO 27001, namely: Defining the governance and operation model of the ISMS in terms of organization, functions, responsibilities, policies and associated processes;
- Sensitize all stakeholders to the importance of Information Security, constituting a reference guide that facilitates the implementation of requirements and minimize the risk of information security incidents;
- Know, manage, classify and treat information assets according to the strategic principles of information security;
- Manage information security risks periodically by identifying, assessing and defining noesis information security risk ecosystem mitigation strategies;
- Establish mechanisms to ensure the control of logical and physical access to information assets;
- Ensure that known security incidents are reported, thus allowing their treatment and continuous improvement of Noesis' response capabilities;
- Establish mechanisms to ensure the continuity of their security management services of business support infrastructures even following serious information security incidents.
