Security policy
Information Security Policy
Information must be generated, processed and controlled under the security levels established by HOUND LINE so that it remains protected against loss, alteration or unauthorized disclosure. These security levels are based on the controls of UNE-ISO/IEC 27002 and objectives established in UNE-ISO/IEC 27001:2022.
Objectives
This Policy constitutes the reference framework through which Hound Line defines the guidelines for effective protection of managed Information and has the following objectives:
General principles
The achievement of the objectives described is articulated through the following general principles:
Information must be generated, processed and controlled under the security levels established by HOUND LINE so that it remains protected against loss, alteration or unauthorized disclosure. These security levels are based on the controls of UNE-ISO/IEC 27002 and objectives established in UNE-ISO/IEC 27001:2022.
Objectives
This Policy constitutes the reference framework through which Hound Line defines the guidelines for effective protection of managed Information and has the following objectives:
- Guarantee the degree of confidentiality necessary for each type of Information, in accordance with the classification established in the Information Classification Procedure.
- Maintain the integrity of the information, so that it is not altered with respect to the time at which it was generated by the owners or those responsible for it.
- Ensure the availability of the Information, in all media and whenever necessary, ensuring business continuity and compliance with all obligations that are required of the Company
General principles
The achievement of the objectives described is articulated through the following general principles:
- This Security Policy, as well as the rest of the rules, must be accessible to all members of Hound Line within the scope of the ISMS, as well as to personnel outside the ISMS who are related to it through any of its processes.
- All personnel within the scope of the Hound Line ISMS must have adequate training and awareness in matters of Information Security.
- Hound Line must comply with all legal, regulatory and statutory requirements that apply to it, as well as contractual requirements.
- The confidentiality of the information must be guaranteed at all times. The information owned and/or held by Hound Line must only be accessible to duly authorized persons, whether or not they belong to the Organization.
- The integrity of the information must be ensured through all the processes that manage, process and store it.
- The availability of the information must be guaranteed through appropriate backup and business continuity measures.
- Any incident or weakness that may compromise or has compromised the confidentiality, integrity and/or availability of the information must be recorded and analyzed to apply the corresponding corrective and/or preventive measures.
- Every member of Hound Line within the scope of the ISMS, whether belonging to the Security Committee or the operational group, is responsible for implementing, maintaining and improving this Policy, as well as ensuring compliance with it.
- Each Hound Line member within the scope of the ISMS is responsible for ensuring the proper implementation, maintenance and improvement of the ISMS, as well as its compliance with the ISO/IEC 27001 standard.
- Develop controls and control objectives to identify and assess risks to information assets.
- Comply with the requirements of commercial, legal, regulatory and contractual security obligations.
- Provide resources and responsibilities to implement and sustain the process of continuous improvement of Information Security Management and meet the objectives established annually.
