INFORMATION SECURITY POLICY
The purpose of this information security policy is to protect the information assets of CONTENEDORES Y PROCESOS, S.L.U., (hereinafter CYP).
information assets of CONTENEDORES Y PROCESOS, S.L.U., (hereinafter CYP), in particular, the information systems that support the
information systems that support the development of engineering projects in the area of logistics and industrial processes for the automotive sector.
logistics and industrial processes for the automotive sector. This policy is aligned with CYP's
strategic direction of CYP and seeks to support the company's business objectives by means of
the appropriate management of information security.
CYP is committed to:
- Establish, implement, maintain and continually improve an information security management system.
security management system.
- Protect information against loss of availability, confidentiality and integrity.
- Systematically and regularly assess and manage information security risks, implementing appropriate controls to mitigate identified risks.
implementing adequate controls to mitigate identified risks.
- Comply with applicable legal requirements, requirements applicable to the security of information and information systems, the requirements applicable to the security of information and information systems, and the
and information systems, customer expectations and contractual commitments, with regard to the protection of information security.
contractual commitments regarding the protection of sensitive information.
- Ensure that this policy is communicated to all CYP personnel and other interested parties.
stakeholders.
- Periodically review this policy to ensure its continuing appropriateness and effectiveness.
- Implement a continual improvement process to evaluate and adjust the security policy and controls in response to changes in the
in response to changes in the business environment, technological advances and lessons learned from security incidents.
lessons learned from security incidents.
- Foster a culture of information security throughout the organisation.
- Provide ongoing training and awareness to all employees on information security best practices and their individual responsibilities.
security practices and their individual responsibilities in protecting the company's information assets.
protection of the company's information assets.
- Establish procedures for identification, reporting, response and recovery from security incidents.
security incidents.
- Implement and maintain a business continuity and disaster recovery plan that ensures the organisation's ability to continue to
plan that ensures the organisation's ability to continue to operate and recover from disruptions that may affect the
disruptions that may affect the availability of services and information.
Each employee is responsible for complying with this policy and its procedures as applicable to their job.
job. Failure to do so may result in disciplinary action.
This policy has been approved by CYP management and will be reviewed annually or in the event of any significant changes to the
significant change in the business environment or in legal or regulatory requirements.
15 November 2024
