IT Security Management System Policy
Metal Group, aware of the importance of information security, especially that related to employees, clients and business processes, has implemented an information management system based on the ISO 27001 standard: In order to develop the express commitment of the Organization In the continuous improvement of the management system, the Management establishes the following information security management principles:
✔Knowledge and application by all employees and collaborators, according to their role within the Company, of security policies and procedures, both general and those that may apply to specific groups, including:
● Access control, opening and closing of facilities
● Information and treatment of visits to the facilities
● Security training, awareness and motivation
● Knowledge of roles and responsibilities
● Business continuity management
● Consequences of failure to comply with security policies
● Support in information security management
● Compliance with legislation
● Good user practices manual
✔ Diligence on the part of all employees and collaborators in communicating possible security incidents.
✔ Ensure that the procedures that determine the confidentiality, integrity, availability, traceability and authenticity of the information are met.
✔ Support for the security organizational structure established to meet information security control objectives and continuous risk management.
✔ Guarantee the correct use of facilities and equipment so that they are in accordance with the activity and objectives of the organization.
✔ Commitment to protecting the safety and health of its workers, as well as to implementing an adequate work environment.
✔ Structure our management system in a way that is easy to understand. The management of our system is entrusted to the person responsible for Management and the system will be available in our information system in a repository, which can be accessed according to the access profiles granted according to our current access management procedure.