Security Policy
The purpose of this Policy is to achieve adequate protection of Pandora FMS information, preserving the following security qualities:
- Confidentiality: Ensure that the information is accessible only to those who are authorized to have access to it.
- Integrity: Ensure the accuracy and integrity of the information and the methods of its processing.
- Availability: Ensure that authorized users have access to the information and its associated assets when required.
These basic principles must be preserved and ensured in any form that the information takes, whether in digital, printed, visual or spoken format, and regardless of whether it is processed in Pandora FMS facilities or outside them. Likewise, these principles must be considered in the following security areas:
- Physical: Covering the security of dependencies, facilities, hardware systems, supports and any physical asset that processes or may process information.
- Logical: Including the aspects of protection of applications, networks and prototypes of digital communication and computer systems.
- Corporate-political: Made up of the security aspects related to the organization itself, its internal rules and regulations, and legal regulations.
Pandora FMS bases its activity on the processing of different types of data and information, which allows it to run its basic business processes. As a result, damage to or loss of the organization’s assets affects the performance of its operations and may jeopardize the continuity of the organization. To prevent this from happening, an Information Security Policy has been designed, whose main objectives are:
- Protecting, through controls and security measures, the company’s assets against threats that may lead to security incidents.
- Mitigating the effects of security incidents, which may affect both members of the organization and external stakeholders.
- Establishing an information and data classification system in order to protect critical information assets, both internal and those that may be of interest to external stakeholders.
- Defining the responsibilities in terms of information security by generating the corresponding organizational structure.
- Developing a set of rules, standards and procedures applicable to management bodies, employees, partners, external service providers, etc. These security policies and compliance with ISO 27001 standards will be particularly relevant to customers, suppliers and external organizations and must be communicated in a timely manner. Of course, internally there will be greater communication of the operation of the ISMS and all internal policies and regulations.
- Specifying the effects of non-compliance with the Safety Policy in the workplace, through continuous training and internal communication.
- Continuously assessing the risks affecting the assets in order to adopt the appropriate security measures/controls.
- Verifying the operation of security measures and controls through internal security audits carried out by independent auditors.
- Training users in security management and information and communications technologies.
- Controlling the traffic of information and data through communications infrastructures or by sending optical, magnetic, paper data carriers, etc.
- Observing the legislation on data protection, intellectual property, labor, information society services, criminal, etc., that affects the assets of Pandora FMS and its relationship with external stakeholders.
- Protecting the intellectual capital of the organization so that it is not disclosed or used unlawfully.
- Ensuring an efficient service to our customers and other external stakeholders with a high level of quality and integrity, thus preserving their trust.
- Obtaining evidence that makes it possible to prove security incidents and identify their author, whether external (suppliers, customers, users) or internal to the company.
- Reducing the chances of unavailability through the proper use of the organization’s assets, both internal and external.
- Defending assets against internal or external attacks so that they do not become security incidents.
- Controlling the operation of security measures by finding out the number of incidents, their nature and effects.
Personal data protection
Pandora FMS processes personal data for purposes previously communicated to the data subjects (their owners) and, if necessary, previously consented to by them at the time of data collection or subsequently.
In terms of data protection, those affected have rights of access, rectification, limitation of processing, portability, opposition, deletion and others (called ARCO/ARLtPOS rights). This means that any natural person can request information from Pandora FMS about what data is held on them, where it has been obtained, what is done with it, what it is used for and request changes in its use. In the event of the exercise of the ARCO/ARLtPOS rights of any affected party, Pandora FMS personnel are obliged to immediately notify the Data Protection Officer by sending an email to [email protected]. It is vitally important to do so immediately as there are strict legal deadlines for providing a response.
Anyone with access to Pandora FMS information resources or information assets (whether its own or subcontracted personnel) must read, understand, know and accept the Information Security Policy and the Information Systems Use Policy at the beginning of the employment or commercial relationship with Pandora FMS and, subsequently, any modifications to them on an annual basis.
Address and Contact Information
Pandora FMS S.L.U
C/ Cólquide 6. Edificio Prisma, Portal 2, 3E, 28231
Las Rozas (Madrid). España.
Office phone: +34-915597222
General contact e-mail: [email protected]
Data Privacy Officer (DPO): [email protected]