Development and implementation of the Information Security Management System (ISMS)
CAF DS agrees that the development of the Organization's activities and the achievement of its objectives require guaranteeing, at all times, compliance with the established levels of confidentiality, availability and integrity for its information assets.
For this purpose, the Information Security Management System (ISMS) has been developed and implemented, which establishes the reference framework for the safe handling of the Organization's assets.
This framework of reference for the establishment of information security objectives in CAF DS is as follows:
- Make clear the commitment of the Directorate with the security of the information.
- Define, develop and put into operation the technical, legal and management controls necessary to guarantee compliance, at all times, with the risk levels approved for the Organization.
- Define, develop and put into operation the technical and management controls necessary to guarantee the availability, confidentiality and integrity of the platform that provides service to clients.
- Comply at all times with current legislation on data protection and the information society, as well as any other that affects the security of the Organization's assets.
- Create a “safety culture”, both internally, for all staff, and externally for customers and suppliers.
- Treat information security as a process of continuous improvement.
- Maintain the trust of customers