Information Security Policy

In Nexiona Connectocrats S.L., Hereafter NEXIONA, we dedicate in a passionate way to the  creation of  products that bring solutions to the IoT professional market,  offering a software composer for Systems Integrators,  and customized solutions for manufacturers. The proximity, quality service and the orientation toward results are  our distinguishing signals,. Consequently, being conscious about the importance of the information and in  accordance with the path that marks our own identity, it has been promoted from NEXIONA the establishment of an  Information Security Managing System (ISMS) in accordance to the requirements of the ISO/IEC 27001:2013 standards in order to identify, evaluate and minimize the risks which your information is exposed,  and also  that one of  your customers, and to guarantee the fulfillment of the  established objectives as  well. The main objective  of  this Security Policy is to establish an action model that allows us to develop a business culture, a way of working and making decisions in NEXIONA, as well  as  to achieve that the information security and the respect for the personal data be a constant by:
  • Preserving the information confidentiality of our customers,  preventing its disclosure  and access  to  non authorized people.
  • Keeping our customers information integrity, guaranteeing its accuracy and avoiding its  spoilage.
  • Ensuring our customers the information availability in all the supports and whenever it is required.
The General Management, on their behalf,  particularly values and  establishes as main criteria to make an estimate  of  its risks, the availability appreciation and confidentiality of its information and even more the one  from its  customers. Thus, is committed to develop, install, maintain and improve its ISMS constantly with  the  objective  of continuous improvement in the way that we provide our services and in the way that we treat our customers information. Therefore it is  Nexiona’s Policy that:
  • Goals regarding  to the Information Security are  set annually.
  • Legal and contractual requirements of the Business are fulfilled.
  • Training and awareness activities with regard to the information security processes are done for all employees.
  • An analysis process, managing and risk treatment over the information assets is developed.
  • Control Objectives are established and also the corresponding controls to mitigate the identified risks.
  • Establish the responsibility of all employees regarding to:
    • Report security violations.
    • Preserve the confidentiality, integrity and availability of the information assets in accordance with the current policy.
    • Comply with the policies and  procedures inherent to the Security of Information Managing System.
The  Security Responsible, hereafter the Information  Security Officer (ISO), will  be the  direct responsible to maintain this  policy, giving  advice and guidelines for its installment and to make corrections of  deviations  in its compliance. The  current information security policy will be aligned  with the Business general policies and with those which will serve as framework to other internal managing systems, such as the quality policies or the environmental policies. In Barcelona,  November 15th, 2016 CEO