Information Security Policy
INFORMATION SECURITY MANAGEMENT SYSTEM HANDBOOK
Annex B. Information Security Policy - 9 January 2024
The BIVALTASA GLOVAL ADVISORY S.L. Group (hereinafter, “Gloval”), being aware of the importance of information security for fostering the trust of our clients in the services we offer and the current threats that exist, has implemented an Information Security Management System in accordance with the ISO/IEC 27001:2023 standard (hereinafter, “ISMS”) in the business process and analytical solutions for various sectors of activity, known as BIVALTASA GLOVAL ANALYTICS, S.L. (hereinafter, the GLOVAL ANALYTICS Service), commercially managed by all companies forming part of the Gloval group.
The purpose of this Management System is to establish an operational and control framework, based on internationally recognised good business practices, to protect all the information under Gloval’s control, within the framework of providing the GLOVAL ANALYTICS service by the companies in the group, as well as the various assets necessary for its processing.
This ISMS Policy, along with all associated development regulations created within its scope, is mandatory for all personnel. Failure to observe the provisions of these documents will result in various consequences for all parties involved, including the initiation of disciplinary procedures for internal personnel or the termination of agreements reached between Gloval and collaborating third parties. Gloval has established specific procedures to ensure that all personnel are aware of, understand, and comply with the ISMS Policy and all associated regulations.
Additionally, mechanisms have been established for all interested parties to communicate any type of concern, notification, or report related to the various compliance obligations affecting Gloval or to which it has committed. The use of these mechanisms will, under no circumstances, result in any reprisal or harm to those who make notifications in good faith. In cases involving risks or situations linked to the commission of crimes or bribery, all Gloval personnel, as well as third parties with whom it has a relationship, will be obliged to notify such situations as soon as possible.
As a demonstration of its commitment to security, Gloval’s Management publicly adopts the following commitments:
• Considering security as an integral, risk-based process.
• Actively supporting the Management System, as well as the personnel responsible for it.
• Establishing a framework for defining, reviewing, and achieving the objectives, values, and strategy of the organisation with respect to the Management System of the service.
• Defining and assigning the necessary responsibilities, creating the corresponding organisational structure. Among other measures, Gloval has appointed an ISMS Manager.
• Creating and promoting a culture of compliance throughout the organisation.
• Integrating the identification and management of compliance risks into the entire GLOVAL ANALYTICS service process.
• Providing the various areas of the organisation with the necessary resources for the correct implementation of the ISMS and the management of the GLOVAL ANALYTICS service’s security.
• Proactively safeguarding the security of information in terms of Confidentiality, Integrity, and Availability.
• Complying with the requirements of the ISO/IEC 27001:2023 standard.
• Complying with the legal, regulatory, and contractual information security requirements applicable to Gloval.
• Achieving continuous improvement in all processes related to the ISMS and the management of information security.
Specifically, in the daily management of security, actions will always be carried out in accordance with the following requirements:
• Prevention, detection, response, and preservation.
• Continuous monitoring and periodic re-evaluation.
• Differentiation of responsibilities.
• Organisation and implementation of the security process.
• Risk analysis and management.
• Personnel management.
• Authorisation and control of access.
• Protection of facilities.
• Acquisition of security products and contracting of security services.
• Least privilege.
• Integrity and updating of the information system.
• Protection of stored and transmitted information.
• Prevention in relation to other interconnected information systems.
• Activity logging and detection of malicious code.
• Security incidents.
• Continuity of operations.
• Continuous improvement of the security process.
All documentation, records, and documented guidelines of the ISMS are managed in accordance with the documented procedures developed by Gloval, considering the national and international standards applicable in each case.
The Management of Gloval