Vincle, in accordance with the ISO 27001 standard and given the importance of information systems, establishes the following key principles of information security:
- Regulatory compliance: all information systems comply with the applicable legal, regulatory and sectoral requirements that affect information security, especially those related to personal data protection, systems security, data, communications and electronic services.
- Risk management: risks are minimised to acceptable levels and a balance is sought between security controls and the nature of the information. The security objectives are established, reviewed and coherent with information security issues.
- Training and raising awareness: training and sensitisation programmes and awareness-raising campaigns on information security are organised for all users with access to the information.
- Availability, integrity and confidentiality:
  - The availability of the information is guaranteed, ensuring the continuity of the business supported by the information services through contingency plans.
  - The integrity of the information worked with is ensured, so it will be concise and precise, focussing on accuracy, both in its contents and the processes involved.
  - The confidentiality of the information is guaranteed, in such a way that only authorised persons have access to it.
- Proportionality: the implementation of controls which mitigate security risks to assets is performed seeking a balance between security measures, the nature of the information and the risk.
- Responsibility: all members of Vincle are responsible for their behaviour regarding information security, complying with the established standards and controls.
- Continuous improvement: the degree of effectiveness of the security controls implemented in the organisation is reviewed on a recurring basis in order to increase the ability to adapt to the constant evolution of risk and the technological environment.
Barcelona, on 25th April 2025.
The Management