To establish, implement, and maintain an Information Security Management System in order to ensure the protection of information assets which, like any other important business asset, hold value for the organization and therefore must be properly protected and preserved.
To protect information against threats, attacks, and vulnerabilities that may pose a risk to business continuity, minimizing losses and maximizing returns on investment or business opportunities.
To ensure that properly authorized individuals and users have access to information and related assets whenever necessary, guaranteeing the availability, usefulness, and confidentiality of information.
To safeguard the accuracy, integrity, authenticity, and proper handling of information through appropriate methods.
To achieve information security through the proper implementation of preventive measures, recovery measures, and defined controls, ensuring that specific security objectives and policies are met in accordance with the approved Statement of Applicability for the system, as well as management’s commitment to comply with all applicable requirements and continuously improve the system.
