Information security policy

IDOM considers Information Security as a basic principle of the organization, which must be established from the inception and design in the organization of its projects. It is understood as the guarantee of confidentiality, integrity, and availability of the information, regardless of the media in which it is included.

The Information Security of IDOM is understood as a fundamental element for the maintenance of trust with its clients, its corporate image and its business processes, as well as the fulfillment of the security requirements established within the strategic objectives.

This Policy allows the company to achieve the security levels it requires based on the needs of the business, the context of the organization and the risks present in its processes, the principles of which are set out below:

• Principle of regulatory compliance: The entire organization will engage in and comply with legal, regulatory and industry requirements that affect the organization, particularly those related to data protection and privacy, system security and cybersecurity.
• Principle of risk management: The organization undertakes to conduct risk analyses at scheduled intervals in order to minimize risks to an acceptable level and in accordance with the objectives set by management, seeking a balance between security controls and the nature of the information handled.
• Principle of awareness and training: The organization must have adequate and necessary resources to implement security, such as training programs, sensitization, and awareness campaigns for all users regarding information security.
• Principle of security: The organization will ensure that access to information is restricted to authorized personnel, that such information is truthful, reliable, and accurate, and that it is supported by systems that have adequate continuity plans to ensure information security in its three aspects of confidentiality, integrity, and availability.
• Principle of proportionality: The organization will seek a balance between the implementation of controls that mitigate the security risks of the assets, the cost or effort involved, and their impact on operations, always taking into account the importance and criticality of the information contained therein.
• Principle of responsibility: All members of IDOM are fully aware of and responsible for their actions with respect to information security, the importance of compliance, and the controls in place.
• Principle of continuous improvement: The organization will periodically review the degree of effectiveness of the security controls in place, as well as compliance with objectives, risk mitigation and continuous improvement through planned reviews and audits to ensure an appropriate level of security.