Information Security Policy
CIDAUT FOUNDATION (hereinafter, CIDAUT) is an entity dedicated to research and development in Transportation and Energy, with the objective of enhancing competitiveness and industrial development in companies in the transportation, energy and industry sectors in general. .
Aware of the importance that information security has for the development of its business, it has decided to implement a management system and subscribes to this policy.
CIDAUT establishes, defines and reviews objectives within its Information Security Management System (ISMS) aimed at improving its security, understanding it as the conservation of the confidentiality, availability and integrity of its information, as well as the systems that support it. , increasing the confidence of our customers and other interested parties; along with compliance with all applicable legal, regulatory and contractual requirements.
The design, implementation and maintenance of the ISMS will be supported by the results of a continuous risk analysis and management process from which the actions to be carried out in terms of security within the scope of its system are derived, which is:
“Information systems that support the processes linked to the implementation of research, development and technological innovation projects, technological services and testing in the areas of: product design, energy and environment, materials, transformation processes, safety in vehicles, road safety, mobility, acoustics and vibrations and information technologies and industry 4.0 that are of interest to the industry in general and especially to the transport and energy sectors.”
The CIDAUT Management will establish the risk evaluation criteria so that all scenarios that imply an unacceptable level of risk are treated appropriately.
As part of the ISMS, Management will develop, implement and keep updated a Business Continuity Plan according to the needs of the company and dimensioned to the risks that affect it.
The CIDAUT Management is committed to the implementation, maintenance and improvement of the ISMS, providing it with those means and resources that are necessary and urging all staff to assume this commitment. To this end, CIDAUT will implement the measures required for the training and awareness of personnel with information security. In turn, when workers fail to comply with safety policies, Management reserves the right to apply disciplinary measures in accordance with the application agreement and within the applicable legal framework, and according to the impact this has on the organization.
Everything defined in this policy will be specified and developed in regulations and procedures of the ISMS, which will be integrated to the extent possible with other management systems of the organization, sharing those resources in favor of optimization and seeking continuous improvement of the efficiency and effectiveness of process management.
Every user will have the obligation to report security incidents using the guidelines established by CIDAUT.
This policy will apply to all personnel and resources that are within the scope of the ISMS, it is brought to their attention and is communicated to all interested parties.
Juan Carlos Merino Senovilla
General Director of the CIDAUT Foundation
Access classification |
Custom code |
Version |
Date |
Level One |
SGSI-002.A.02 |
01 |
30-SEP-2022 |