ADOLFO DOMÍNGUEZ, in consideration of information security and availability, has established a Management System for Information Security and Availability, in conformance with the requirements of standards ISO 27001 and ISO 22301, to guarantee the continuity of the information systems, minimise the risks of damage and guarantee compliance with the objectives set.
The objective of this policy is to create the necessary frame of action in order to protect the information resources from threats, whether internal or external, deliberate or accidental, in order to guarantee compliance with the confidentiality, integrity and availability of the information.
The efficacy and application of the system is the direct responsibility of the Information Security Committee, which is responsible for approving, informing and complying with this Security Policy. On its behalf, a Manager has been appointed to the Information Security Committee, with sufficient authority to perform an active role in the Information Security Management System, supervising the implementation, development and maintenance.
The Information Security Committee will develop and approve the risk analysis methodology used in the Information and Continuity Security Management System.
Any person whose activity may, directly or indirectly, be affected by the requirements of the system implemented, is obliged to strictly comply with the Security Policy.
At ADOLFO DOMÍNGUEZ we will implement all measures necessary in order to comply with applicable regulations for security in general and IT security, with regards to IT policies, building and installation security and the behaviour of employees and third parties associated with ADOLFO DOMÍNGUEZ in the use of IT systems. The necessary measures in order to guarantee information security through the application of standards, procedures and controls must permit guaranteed confidentiality, integrity, information availability, essential for:
- Complying with current legislation with regards to information systems.
- Guaranteeing confidentiality of the data managed by ADOLFO DOMÍNGUEZ.
- Guaranteeing availability of the information systems, both in services offered to customers and internal management.
- Guaranteeing the ability to respond to emergency situations, re-establishing operation of critical services in the shortest time possible.
- Avoiding unnecessary alterations to the information.
- Promoting awareness and education regarding information security.
Setting objectives and goals focused on assessing the performance of information security, as well as continuous improvement of our activities, regulated by the Management System in this policy.
In order to comply with these principles, the Management at ADOLFO DOMÍNGUEZ commits to provide the resources necessary for permanent identification and evaluation of information risks and the systems that process them, the control and reduction of those possible and the constant tracking of others.
This risk management takes place through the development and implementation of security controls, regulations and procedures to apply the selected security measures.
This Policy is implemented, updated and informed to all employees. Furthermore, it is available to the public.
Version 2.0 approved on 17/04/2024