At NEXIONA Connectocrats S.L., hereinafter NEXIONA, we are passionately dedicated to the creation of products that provide solutions to the IoT professional market, offering a software composer to System Integrators, and customized solutions to Manufacturers.
Closeness, quality of service and results orientation are our identity hallmarks. Therefore, being aware of the transcendence of information security, and in line with the path that defines our identity, the establishment of an Information Security Management System (ISMS) has been driven from NEXIONA in accordance with the requirements of ISO/IEC 27001: 2013 standard in order to identify, evaluate and minimize the risks to which both NEXIONA’s and customers’ information is exposed as well as to ensure compliance with the settled goals.
The main goal of this Security Policy is to establish a performance model allowing us to develop a corporate culture, a way of working and decision making at NEXIONA, as well constantly ensure that information security and respect for personal data:
- Preserving the confidentiality of our customers’ information, preventing their disclosure and being accessed by unauthorized individuals.
- Maintaining the integrity of our customers’ information, ensuring its accuracy and avoiding its deterioration.
- Ensuring the availability of our customers’ information, in all the supports and whenever it is necessary.
The Management itself, especially values and establishes as the main criterion for the estimation of its risks the assessment of the availability and confidentiality of its information and even more that of its customers. Thus, it undertakes to develop, implement, maintain and improve perpetually its ISMS with the objective of continuous improvement in the way we provide our services and in the way we treat our customers’ information. Therefore, NEXIONA’s policy is defined by:
- Establishing annual goals in relation to Information Security.
- Accomplishing legal, contractual and business requirements.
- Carrying out training and awareness-raising activities in the field of Information Security processes for all staff.
- Developing a process of analysis, management and treatment of the risk on the information assets.
- Establishing control objectives and the corresponding controls to mitigate the risks detected.
- Establishing the responsibility of employees in relation to:
- Reporting security violations.
- Preserving the confidentiality, integrity and availability of information assets in compliance with this policy.
- Complying with the policies and procedures inherent to the Information Security Management System.
The Information Security Officer (ISO), will be directly responsible for the maintenance of this policy, providing advice and guidance for its implementation and corrections to deviations from its compliance.
This information security policy will always be aligned with the company’s general policies and with those that serve as a framework for other internal management systems, such as quality or environmental policies.
Barcelona November 15th 2016