General Security Policy
| Title: | Website terms of use |
| Version: | 2 |
| Process: | Financial & Administrative |
| Prepared by: | Francisco Gutiérrez Role: IT and Innovation Manager Date: 12/04/2023 |
| Approved by: | Hetha Chelin Role: Chief Financial and Administrative Officer (CFAO) / US Country Manager Date: 12/05/2023 |
The present policy refers to the management and information security of MAS Global and
the use of this policy by officials and other people that can lawfully process information.
The Policy of information security is the general document for the information security
framework of MAS Global and is intended to provide a general vision of information security best practices.
The objective of information security at MAS Global is to protect information from internal
or external threats, ensuring balance in the level of risk, continuity of operations, reduction in the impact of security breaches, protection of information from malicious users, generation of business opportunities, enforcing compliance of client needs, legal issues, contractual and regulatory; proper information management, as this will help us to maintain relationships with current and future clients.
The pillars of security for MAS Global, which are required for the implementation of the
model of security regarding client requirements, of law and security best practices are:
confidentiality, integrity, availability, and nonrepudiation, also presented are definitions
relevant to the protection and quality of personal data and information management which are: effectiveness, efficiency and reliability.
Safeguarding information requires holistic risk management procedures that identify,
classify and define the owners who are responsible for information assets in conjunction
with sensibility and criticality (public, private and confidential) aligned with the process of
information classification, in order to determine the treatment option (accept, mitigate,
avoid, transfer), level of criticality and controls required depending on the level of exposure. Always with priority and an acceptable level of risk as defined by the Company.
Count on the commitment of MAS Global, which provides resources for different types of
work that permit implementation of adequate governing of information security aligned with the needs of the business, strategy, vision, mission, organizational coexistence and labor policy, the requirements of the partners, clients, law, contractual, regulatory and the needs of internal affairs and other interested parties. In the same manner MAS Global provides education, training, raising awareness regarding all of the required security issues.
All of the employees, contractors, freelancers, external or others that have a direct or indirect relationship with MAS Global are responsible for the management and treatment of the information and of the controls implemented by internal affairs or whose equipment actively contains them, as well as detecting any opportunity for improvement, reporting events/incidents of security through the appropriate channels and divulging to the company and implementing preventative or corrective actions as necessary, in order to ensure a process of effective improvement continues in Information Security Management.
The leadership of MAS Global approves the present information security policy by virtue of its support and commitment to the design and implementation of efficient policies that guarantee the information security of the company. The company itself will verify the implementation of these activities at planned intervals, the progress of actions, the closure and tracking of the System of Management of Information Security.
Lastly, management of MAS Global delegates responsibility for Information Security Management of the company to the IT and Innovation manager, who should ensure that the policy is complied with, divulging, revising, maintaining documentation in the Manual of Policies and guidelines of MAS Global following specific formats established by the ISO 27001 international standard and its norms or guidelines derived by other internal requirements or by clients.
MAS Global strives to create and be an agent of positive impact on its clients, people and
communities, through creating and maintaining a culture of qualified technological
professionals that bring invaluable digital transformations with commitment based on trust and collaboration.
Annexes
Annex 1 Change control
| Version | Change item | Change made | Reason for change | Date of change |
|---|---|---|---|---|
| 1. | N.A. | N. A. | Annual review of the policy. It is determined that the policy remains in effect and does not require changes. | 08/04/2022 |
| 2. | N. A. | N. A. | Annual review of the policy. It is determined that the policy remains in effect and does not require changes. | 08/04/2023 |