INFORMATION SECURITY POLICY
INTRODUCTION
This document sets out the General Information Security Policy of WORLD WIDE MOBILITY, S.L. (hereinafter, “WORLD WIDE MOBILITY”), understood as the set of basic principles governing the organisation’s approach to Information Security.
Information Security is understood as an integral process consisting of all technical, human, material and organisational elements related to information systems, excluding any isolated or temporary actions.
All other documents related to Information Security within WORLD WIDE MOBILITY shall be aligned with the guidelines contained in this General Information Security Policy.
OBJECTIVE
The objective of this General Information Security Policy is to establish a common regulatory framework within WORLD WIDE MOBILITY allowing the identification, development and implementation of the technical and organisational measures necessary to ensure the security and protection of information, including personal data, as well as the information systems supporting the organisation’s activities.
COMMUNICATION
This document shall be published on the internal systems of WORLD WIDE MOBILITY and communicated to all relevant stakeholders, particularly internal personnel handling information assets.
Additionally, this policy shall be published on the WORLD WIDE MOBILITY website for external stakeholders.
MANAGEMENT COMMITMENT
Information, particularly personal data of employees, customers and suppliers, as well as the systems that support such data, are considered strategic assets for WORLD WIDE MOBILITY.
Management undertakes to lead and promote Information Security at all levels in accordance with this policy and the objectives defined herein.
SCOPE
This policy applies to all resources, services and business processes of WORLD WIDE MOBILITY, including all information systems involved in service delivery and supporting organisational functions.
It applies to all employees, direct customers and suppliers who use or interact with the organisation’s information systems.
INFORMATION SECURITY OBJECTIVES
The following principles are established to ensure Information Security:
- Availability: Information and systems are accessible when required.
- Confidentiality: Only authorised persons may access information and systems.
- Integrity: Accuracy and protection of information against unauthorised alteration or destruction.
- Legality: Information is processed in compliance with applicable legal frameworks.
- Training: Ensuring appropriate awareness and training in information security within the organisation.
- Incident Management: Risk analysis and incident response mechanisms to prevent, detect, react and recover from security incidents.
- Authenticity: Verification of identities of users, devices and entities accessing information systems.
- Non-Repudiation: Ensuring actions or transactions cannot be denied once performed.
REGULATORY COMPLIANCE
This policy and its supporting documentation are aligned with applicable laws, regulations and standards affecting WORLD WIDE MOBILITY.
RESOURCE ALLOCATION
Management commits to providing the necessary resources to implement and maintain Information Security processes and to foster continuous improvement.
ROLES AND RESPONSIBILITIES
- Comply with this policy and all related procedures.
- Actively contribute to cybersecurity.
- Maintain professional secrecy and confidentiality.
- Report suspected incidents or security breaches.
Overall responsibility for Information Security lies with the person appointed as Information Security Management System (ISMS) Manager.
AUDIT
Information systems shall be subject to periodic internal or external audits to verify compliance and effectiveness of security controls.
SUPPLIERS AND THIRD PARTIES
Relevant acquisitions or services impacting information systems shall undergo risk analysis, and security requirements shall be formally agreed with suppliers.
EXCEPTION MANAGEMENT
Any exception to this policy must be registered, reviewed and approved by the responsible ISMS authority.
CLIMATE CHANGE
The organisation has assessed its activities and determined no significant climate impact beyond standard legal requirements.
APPROVAL AND REVIEW
This policy is approved by the governing bodies of WORLD WIDE MOBILITY and shall be reviewed annually or upon significant changes.
ENTRY INTO FORCE
This Information Security Policy enters into force on the date of publication and internal distribution.