General security policy
The General Management of EJIE is committed to maintaining and improving their Information Security Management System (ISMS), based on international ISO standard 27001 and the Information Privacy Management System (IPMS) based on international ISO standard 27701, in accordance with the following general principles:
The availability, integrity, confidentiality, traceability, authenticity, and privacy of all information, and especially personal data, that it generates, safeguards, or manages belonging to itself and its clients, as well as the IT systems and services that support it, will be protected.
It will be guaranteed that the organisational, regulatory, contractual, operational, and technological security measures used are proportional to the criticality of the information and risks that affect the IT systems and services that support them, in addition to ones that affect the rights and freedoms of individuals, which will be appropriately protected, and a suitable cost-benefit balance will be maintained.
Effective management and resolution of incidents that affect security, privacy, and continuity of the IT systems and services that support them will be ensured, in a way that they will be repeated.
Information privacy and security being part of the organisation’s culture, such that all staff understands, accepts, and applies privacy and security guidelines in a responsible way, will be safeguarded.
They will guarantee that the services provided can keep being provided, even in the event of a serious incident that causes dysfunctions in them.