Introduction
The Security Policy of Timedi reflects the concepts, principles, responsibilities and objectives in the area of security, the results of which enable the company to guarantee the necessary freedom of action.
The objective of Integral Security at Timedi is to protect all people — users, professionals and employees alike —, the confidentiality of their communications and the integrity of their information. It also safeguards the other assets that make up the company’s patrimony, such as its facilities or content of all kinds.
Integral Security encompasses the traditional concepts of physical security and logical (technological) security in order to maintain continuity of operations in the face of any adverse circumstance.
An increase in the “security culture” amongst staff will provide clear benefits by enhancing the security of systems and procedures, and will minimise the risk of potential malicious actions. It is essential that all information relating to security matters flows through the appropriate channels both horizontally and vertically within the organisational unit.
Principles
- Global Security is an integrated process aligned with the business, in which the entire company participates.
- Cost-effectiveness. Security is guided by business criteria, taking into account the relationship between expenditure and investment. Its criteria are set centrally, leveraging all existing synergies. This approach enables better performance from the effort applied to security.
- Security must be present throughout its entire work cycle: protection, prevention, detection, response and recovery.
- The means employed must be adapted to the operational environment. Amongst other factors, those with the greatest impact on the activity and security levels of the organisation include competition with other companies, social, political and economic unrest, and amateur or professional hacking.
Responsibilities
The ultimate responsibility for security rests with the management team, which is directly responsible for managing its development and implementation.
The management team will analyse the risks and vulnerabilities in the area of security that may affect the smooth running of operations, and will propose the appropriate rules, means and measures to minimise them.
All staff within the organisation must assume responsibility for maintaining the security of the assets in their care, observing the security regulations established by the management team.
Objectives
All Timedi staff will be aware of and will apply the regulations that implement this Security Policy.
To achieve and maintain the level of security required to adequately guarantee the continuity of operations, even in adverse situations.
To increase the integration and mutual support between the physical and logical aspects of security.
To collaborate in the management of other security disciplines, including occupational and environmental aspects, applying the criteria that promote Corporate Social Responsibility.
To establish the corporate security structure defined by the organisation’s decision-making bodies and to create appropriate communication channels amongst all those involved.
To comply with official regulations in the area of security and other applicable requirements.
To establish and implement Security Training and Awareness Plans to improve staff training.
An express commitment to continuous improvement.
To integrate the various departments of the company into a security management system that, under common criteria, leverages synergies and achieves consistency in resources and actions.