Information Security Policy

One of MECALUX’s objectives is to safeguard the security of all information, whether personal or otherwise. For this purpose, it has established an Information Security system designed to reduce risks related to information security and cybersecurity. This system ensures that the information is protected, accessible only to users with a legitimate need for it to perform their duties and available and used solely for its intended purposes. To this end, MECALUX sets out the following strategic objectives:

  • Minimise the risks of loss of confidentiality, integrity and availability of information received, generated, processed and/or stored by MECALUX.
  • Support company departments in protecting information assets that support business operations and contain personal data.
  • Raise employee awareness of information security and cybersecurity in the performance of their duties.
  • Maintain an Information Security and Cybersecurity programme that supports the organisation’s strategic objectives and new business initiatives.
  • Ensure compliance with legal obligations, contractual commitments to clients and suppliers and all regulations, internal standards and/or guidelines applicable to the company.
  • Continuously improve the Information Security system.

The Information Security and Cybersecurity Policy applies to all users and covers all information created, processed and/or used by MECALUX, regardless of medium, format, presentation or location. All security measures adopted are intended to protect both information and the systems that manage it. These include applications, operating system resources, hardware and telecommunications networks and supports, whether managed by MECALUX or by companies or personnel expressly authorised for this purpose, such as service providers or data processors contracted by MECALUX, or legally authorised recipients. The Information Security and Cybersecurity Policy is designed to ensure three core principles:

  • Preserve confidentiality, ensuring that critical, sensitive, private or personal information managed by MECALUX is neither stolen nor accessible to unauthorised persons.
  • Minimise impacts on availability, ensuring that services provided by MECALUX do not become inaccessible or unusable.
  • Protect integrity, preventing data or system corruption at MECALUX that could compromise the accuracy or integrity of information, its processing or service availability.

The Information Security Policy will be further developed through specific regulations addressing particular aspects. Additionally, it will be reviewed at least once a year or whenever significant changes occur within the organisation to ensure that it remains aligned with the organisation’s strategy and needs.

This policy was reviewed and approved by Mecalux management on 15 September 2020.