Information Security Management System
Policy reviewed annually
OBJECTIVE
The purpose of this Security Policy of the Information Security Management System (hereinafter ISMS) is to establish the management guidelines that Travel Compositor has implemented to ensure that the access, use and custody of information assets are carried out in accordance with the business requirements established by Travel Compositor. These guidelines are established with respect to the integrity, availability and confidentiality of the information, respecting the legal framework in force and faithfully complying with the guidelines, procedures and security regulations that are established.
SCOPE OF APPLICATION
The Information Security Policy of the ISMS is applicable to those who have access to the resources that have been identified as “information assets” of the company, within the established scope of the security management system. These protection requirements apply to all information in electronic or paper form that has been identified as an “information asset” and to the information systems owned by or managed for Travel Compositor. The scope is detailed in the internal Context document.
PRINCIPLES
The formulation of the Information Security and Privacy Policy of the ISMS is underpinned by the following key protection principles:
● Effectiveness: ensuring that all information used is necessary and useful to the development and dissemination of data.
● Efficiency: ensuring that the processing of information is performed through optimal use of human and material resources.
● Integrity: ensuring that all the information necessary and sufficient for the performance of the services and processes is processed in each of the IT systems, and that the information has not been manipulated or intentionally corrupted.
● Accuracy: ensuring that all information is free of errors and/or irregularities of any kind.
● Availability: ensuring that the information and the capacity for its automatic processing are safeguarded and retrieved when necessary, so as not to significantly disrupt the performance of services.
● Legality: ensuring that all information and the physical media that contain, process and/or transport it comply with the legal regulations in force in each area.
● Confidentiality: ensuring that all information is protected from unauthorized use, accidental disclosure, breach of privacy and other similar actions arising from unauthorized third-party access.
● Privacy: ensuring security in connection with the collection, use, retention, disclosure and disposal of personal information.
● Authorization: ensuring that all accesses to data and/or transactions that use them comply with the appropriate authorization levels for use and disclosure.
● Physical Protection: ensuring that all means of processing and/or storing information have physical protection measures in place to prevent access and/or improper use by unauthorized personnel.
● Accountability: ensuring that stakeholders are aware of and responsible for safeguarding the security of information systems and for the actions that can be taken to strengthen it.
OBJECTIVES OF THE ISMS
The objectives of the ISMS over the established scope are:
● To maintain and enhance the value of the Information Security and Privacy implemented throughout the Organization.
● To have each and every person at Travel Compositor contribute to the protection of the Security and Privacy of the Information.
● Having defined the security management framework using the ISO 27001 standard as a reference to establish the information security management system, and the ISO 27002 standard as a set of best practices for information security management, to set the commitment to continuous improvement as an objective.
● To ensure the commitment of Travel Compositor, with respect to the processing of personal data and especially sensitive data, to compliance with the principles of legislation on privacy and data protection.
● To protect Travel Compositor information from all threats, whether internal or external, deliberate or accidental, with the aim of ensuring the continuity of the service offered to customers.
POLICIES, STANDARDS AND PROCEDURES
All employees and collaborators of Travel Compositor participate actively in the culture of prevention and protection of assets derived from the ISMS. They must act in accordance with this policy and with the security rules and procedures developed and communicated by the entity.
ISMS ROLES AND RESPONSIBILITIES
The allocation and delimitation of responsibilities, to ensure that the objectives proposed in this security and privacy policy are implemented and satisfied, requires the establishment of certain functions in charge of the general aspects of information security management. To this end, Travel Compositor has documented the roles and responsibilities in terms of information security in the internal Roles and Responsibilities for Information Security document. Travel Compositor has also formed an Information Security Committee, which is the highest body responsible for information security in Travel Compositor. Its functions are to identify objectives and strategies related to information security, as well as to direct and control the processes related to security, among other issues.
RISK MANAGEMENT
All information assets within the scope of the ISMS are subject to a risk analysis in order to assess threats and risks. This analysis shall be repeated:
● At least once a year.
● When information and/or services handled change in a significant way.
● When a serious security incident occurs or serious vulnerabilities are detected.
The Security Manager shall be responsible for ensuring that the risk analysis is carried out, as well as for identifying gaps and weaknesses in security and bringing them to the attention of the Information Security Committee.
The Information Security Committee shall promote the availability of resources to meet the security needs of the different systems, promoting investments of a horizontal nature.
The risk management process will comprise the following phases:
● Categorization of systems.
● Risk analysis.
● Selection of security measures. The Information Security Committee shall select the security measures to be applied, which must be proportional to the risks and be justified.
Travel Compositor has an approved standard for the risk management cycle, in the internal Metrics document.
CONTINUOUS IMPROVEMENT
The management of information security is a process subject to permanent updating. Changes in the organization, threats, technologies and/or legislation are examples of circumstances in which continuous improvement of the systems is necessary. Therefore, it is necessary to implement a permanent process that will entail, among other actions:
a) Review of the Information Security Policy.
b) Review of processes, services and information and their categorization.
c) Annual execution of risk analysis.
d) Internal audits or, when appropriate, external audits.
e) Review of security measures.
f) Reviewing and updating standards and procedures.
POLICY AUTHORITY STATEMENT
The Information Security Committee has the authority to verify compliance with this Security and Privacy Policy, the responsibility to enforce compliance with the general guidelines and corresponding actions contained therein, and the independence to propose the corrective and preventive actions necessary to meet the objectives of the risk treatment plan and the continuous improvement of information security.
Compliance is the responsibility of all the people and departments involved in the processes or services included in the scope of this Security and Privacy Policy. To achieve this purpose, the involvement and participation of all employees of Travel Compositor is necessary.
It may also require the participation of suppliers and third parties in the implementation of the security measures that Travel Compositor determines as minimum requirements.
The Security Committee is responsible for the Security and Privacy Policy and shall periodically review it in response to changes in legislation and/or contractual requirements, changes in business strategy, changes in the organization’s environment (whether at a technical or organizational level, or with regard to current and anticipated threats to information security), the knowledge acquired from the study of events and incidents that may have occurred, and the analysis of the results of internal and external audits. In any case, this review shall be carried out at least once a year.
In the event that an improper use is detected that undermines the security of the company, or that contravenes current regulations (especially in the area of data protection) or this Security Policy, the company may take corrective measures or sanctions depending on the seriousness of the infraction, as well as proceeding to search the content of the affected equipment if necessary, always respecting the law, and in particular the content of Article 18 of the Workers’ Statute.