1Introduction
CAFLER's Security Policy reflects the concepts, principles, responsibilities and objectives regarding security, the results of which guarantee the company the freedom of action it needs.
The aim of CAFLER's Integral Security is to protect the people who work in the company, the confidentiality of their communications and the integrity of their information. It also safeguards the other assets that make up the company's patrimony, such as facilities or contents of any kind.
Integral Security comprises the traditional concepts of physical security and logical (technological) security in order to maintain business continuity in any adverse circumstance.
An increase in the “security culture” among the company's staff will provide clear benefits by enhancing the security of systems and procedures, and will minimise the risk of potential malicious actions.
It is essential that all information regarding security matters flows through the appropriate channels towards the company's decision-making bodies.
2Principles
Integration
Global Security is an integrated process aligned with the business, in which the whole company takes part.
Cost-effectiveness
Security is guided by business criteria, taking into account the relationship between expense and investment. Its criteria are set centrally, taking advantage of any existing synergy. This management enables an overall reduction in spending and a better return on the effort applied to security.
Continuity
Security must be present throughout its entire work cycle: protection, prevention, detection, response and recovery.
Suitability
The means employed must adapt to the business environment. Among other factors, those that stand out for their impact on the business and on the organisation's security levels are competition with other companies, social, political and economic unrest, and amateur or professional “hacking”.
3Responsibilities
Management board
Ultimate responsibility for security lies with the management board, which is directly responsible for managing its development and implementation.
Management team
The management team will analyse the security risks and vulnerabilities that may affect the proper functioning of the business and will propose the appropriate rules, means and measures to minimise them.
All staff
All staff in the organisation must take responsibility for maintaining the security of the assets in their charge, observing the security rules implemented by the management team.
4Objectives
- To achieve and maintain the level of security required to adequately guarantee business continuity, even in adverse situations.
- To increase the integration and mutual support of the physical and logical aspects of security.
- To collaborate in the management of the other security disciplines, including labour and environmental aspects, in accordance with the criteria that strengthen Corporate Social Responsibility.
- To establish the corporate security structure defined by the organisation's decision-making bodies and to create the appropriate communication channels among all those involved.
- To comply with official security regulations and other requirements.
- To establish and implement Security Training and Awareness Plans to improve staff training.
- An express commitment to continuous improvement.
- To integrate the various departments of the company into a security management system that, under common criteria, takes advantage of synergies and achieves consistency in resources and actions.
- All CAFLER staff will know and apply the regulations developed by this Security Policy.