Information Security Policy
One of MECALUX’s objectives is to safeguard information security, whether the information is personal or not. For this purpose, it establishes an Information Security system to ensure that risks associated with information security and cybersecurity are reduced; that information is accessible only to those users who have a legitimate need for it to perform their functions; and that information is protected, available, and used for the purposes for which it was obtained. To this end, MECALUX defines the following strategic objectives:
- Minimize the risks of loss of confidentiality, integrity, and availability of the information received, generated, processed, and stored by MECALUX.
- Support company departments in securing the information assets that support business operations and information with personal data.
- Raise awareness among employees regarding information security and cybersecurity in the performance of their duties.
- Maintain an Information Security and Cybersecurity program that supports the strategic objectives of the organization as well as new business projects.
- Ensure compliance with legal requirements, commitments entered into with customers and suppliers, and all regulations, internal standards, and/or guidelines to which the company is subject.
- Continuously improve the Information Security system.
The Information Security and Cybersecurity Policy concerns all users and must be applied to all information created, processed, and/or used by MECALUX, regardless of medium, format, presentation, or location. All security measures adopted are aimed at protecting the information and information systems that support it. These include applications, operating system resources, telecommunications networks and supports, and computer equipment, whether managed by MECALUX or by those companies or personnel expressly authorized for this purpose, such as those that have signed a contract for the provision of services or data processing with MECALUX or legally authorized assignees. The Information Security and Cybersecurity Policy is focused on ensuring three main scenarios:
- Compliance with confidentiality, which implies that critical, sensitive, private, and/or personal information managed by MECALUX will not be stolen or accessed by unauthorized persons.
- Minimization of the impact on availability of information in cases where the services provided by MECALUX are inaccessible or unusable.
- Integrity, avoiding corruption of data and of MECALUX systems that would affect the accuracy or integrity of information and processing, and that could also affect the availability of services.
The Information Security Policy will be developed by means of security regulations that address specific aspects. Likewise, it will be reviewed at least once a year and whenever there are relevant changes in the organization in order to ensure that it is in line with the strategy and needs of the organization.
This policy was reviewed and approved by Mecalux management on September 15, 2020.