Information security policy

INFORSERVEIS, is a company dedicated to innovative software solutions for automation based on advanced management tools for workshops, dealerships, and automotive groups. For this reason, the company has implemented an information security management system within the organization with the primary objective of reaching business objectives and satisfying customers by ensuring that information is secure at all times through processes established and based on a continuous improvement process, guaranteeing the continuity of the information systems, minimizing risks of damage, and ensuring compliance with the objectives established to guarantee information confidentiality, integrity, and availability at all times.

Our pillars in providing our services are:

  • Security
  • Latest generation technology
  • Digitization of all processes
  • Technical team focused on needs
  • Intelligent service tools supporting Mobility, Comprehensiveness, and Connectivity Approved and certified software for the automotive industry’s leading entities (Volkswagen, Audi, Seat, Skoda, Porsche, GMC, KIA, IVECO, General Motors, Chevrolet, Yamaha, IVECO, Case IH)

To do this, Inforserveis is committed to information security according to the ISO/IEC 27001: 2013 reference standard, which is why Management has established the following principles:

  • Management’s expertise and leadership as a commitment in developing the Information Security Management system.
  • Determining the relevant internal and external stakeholders for the Information Security Management system and meeting their needs.
  • Understanding the organizational context and determining opportunities and risks regarding information security as a basis for planning actions to address, take on, or handle.
  • Ensuring that our customers are satisfied, including stakeholders in the company’s results, in everything related to the performance of our activities and their impact on society.
  • Establishing objectives and goals aimed at evaluating performance in Information Security matters as well as continuous improvement in our activities, governed by the Management System implemented by this policy.
  • Complying with the requirements of the applicable legislation governing our sector, the commitments we’ve established with customers and stakeholders, and all the internal rules and guidelines of action to which the company is subject.
  • Ensuring the confidentiality of the data handled by the company and the availability of the information systems, both in services offered to customers and in internal management, avoiding undue alterations to information.
  • Guaranteeing the response capacity when facing emergency situations and reestablishing the operation of critical services as quickly as possible.
  • Establishing the appropriate measures for addressing risks derived from the identification and evaluation of assets.
  • Motivating and training all staff who work for the organization, both in the proper performance of their positions and in acting in accordance with the requirements imposed by the reference standard, providing an appropriate environment for the operation of the processes.
  • Maintaining fluid communication both internally, between the various tiers within the company, and with customers.
  • Evaluating and ensuring the staff’s technical skills in the performance of their positions as well as guaranteeing appropriate staff motivation in participating in the continuous improvement of our processes.
  • Assuring the proper condition of the facilities and the right equipment to ensure that they are appropriate for the company’s activities, objectives, and goals. Guaranteeing the continuous analysis of all relevant processes and establishing the appropriate improvements in every case based on the results obtained and the established objectives.

Management is adopting these principles, providing the necessary measures, and giving employees appropriate resources to comply with them by expressing them and making them publicly known through this Information Security Policy.