Terms and conditions
In Nexiona Connectocrats S.L., Hereafter NEXIONA, we dedicate in a passionate way to the creation of products that bring solutions to the IoT professional market, offering a software composer for Systems Integrators, and customized solutions for manufacturers.
The proximity, quality service and the orientation toward results are our distinguishing signals,. Consequently, being conscious about the importance of the information and in accordance with the path that marks our own identity, it has been promoted from NEXIONA the establishment of an Information Security Managing System (ISMS) in accordance to the requirements of the ISO/IEC 27001:2013 standards in order to identify, evaluate and minimize the risks which your information is exposed, and also that one of your customers, and to guarantee the fulfillment of the established objectives as well.
The main objective of this Security Policy is to establish an action model that allows us to develop a business culture, a way of working and making decisions in NEXIONA, as well as to achieve that the information security and the respect for the personal data be a constant by:
- Preserving the information confidentiality of our customers, preventing its disclosure and access to non authorized people.
- Keeping our customers information integrity, guaranteeing its accuracy and avoiding its spoilage.
- Ensuring our customers the information availability in all the supports and whenever it is required.
The General Management, on their behalf, particularly values and establishes as main criteria to make an estimate of its risks, the availability appreciation and confidentiality of its information and even more the one from its customers. Thus, is committed to develop, install, maintain and improve its ISMS constantly with the objective of continuous improvement in the way that we provide our services and in the way that we treat our customers information. Therefore it is Nexiona’s Policy that:
- Goals regarding to the Information Security are set annually.
- Legal and contractual requirements of the Business are fulfilled.
- Training and awareness activities with regard to the information security processes are done for all employees.
- An analysis process, managing and risk treatment over the information assets is developed.
- Control Objectives are established and also the corresponding controls to mitigate the identified risks.
- Establish the responsibility of all employees regarding to:
- Report security violations.
- Preserve the confidentiality, integrity and availability of the information assets in accordance with the current policy.
- Comply with the policies and procedures inherent to the Security of Information Managing System.
The Security Responsible, hereafter the Information Security Officer (ISO), will be the direct responsible to maintain this policy, giving advice and guidelines for its installment and to make corrections of deviations in its compliance.
The current information security policy will be aligned with the Business general policies and with those which will serve as framework to other internal managing systems, such as the quality policies or the environmental policies.
In Barcelona, November 15th, 2016