The Information Security Management System (ISMS) of iFactum is aimed at protecting the confidentiality, integrity and availability of the company's information, as well as that entrusted to it by employees and/or contractors, suppliers and customers in the development of the provision of services; to this end, it defines clear guidelines, aligned with business objectives and technological changes.
iFactum - Highweb & Page Group Inc. is committed to comply with the legal, regulatory, technical and other requirements applicable to the company related to information security; furthermore, to develop, implement, operate and continuously improve its information security management system (ISMS), to identify and minimize the main risks to which the information is exposed to an acceptable level, through the implementation of effective controls for the protection of its information assets.
At iFactum - Highweb & Page Group Inc. an organizational culture based on information security is generated, in order to minimize the occurrence and impact generated by security incidents.
INFORMATION SECURITY OBJECTIVES
- Strengthen the culture of information security risk prevention through awareness and constant training of the company's employees and/or contractors.
- Manage information security risks in a timely manner through the establishment and implementation of treatment plans and the continuous improvement of security controls.
- Guarantee the availability required by the company of the cloud services vital for the development of the company's processes.
- Minimize risks on IT systems, identifying and managing technical vulnerabilities at the level of operating systems, software applications and databases used by the areas and services provided by the company in a timely manner.
- Diligently manage security and cybersecurity events and incidents, strengthening the company's ability to deal with threats and cyber-attacks, including those generated from cyberspace.
- Strengthen the continuous improvement of the system through the planning and execution of audit programs and the timely implementation of corrective and improvement actions required by the Information Security Management System (ISMS).
