As leaders in road safety, our desire is to contribute and provide the greatest possible value to society by offering technological solutions that help reduce traffic accidents and aim towards a future where society can enjoy safer and more sustainable mobility.
Extending our commitment to safety, we have also adopted an Information Security System that seeks not only to provide road safety and reduce traffic accidents but also to ensure the security of our internal management regarding the information security of our members.
Therefore, the leadership team and the ERUM VIAL committee promote the implementation, maintenance, and continuous improvement of an Information Security System based on the requirements of the reference standards UNE-ISO/IEC 27001 (Information Security Management Systems).
The following foundations are established as pillars of the organization to achieve and guarantee the effectiveness of the Management System:
To ensure the satisfaction of our clients’ requirements and expectations through a comprehensive and multidisciplinary understanding of their needs.
To guarantee that all services provided are managed to ensure compliance with deadlines, expected responses, high quality, and benefit to the client, as well as information management with a high level of security, thus simultaneously improving the company’s competitiveness.
To ensure that the requirements agreed upon with clients, especially those related to information security, as well as all applicable legal requirements, are met and maintained.
A strong commitment to the client to guarantee uninterrupted service with quick and adequate management of Information Security incidents.
Leadership and staff participation, motivating and encouraging ERUM VIAL’s human capital through a good work environment, training, and engagement with the company’s security objectives.
Awareness and active participation to establish and meet the objectives and goals related to Information Security Management.
Special emphasis on training and awareness derived from the Management Systems implemented in the organization.
Adding value to the client through the use of information technologies within the continuous innovation process in creating solutions, as well as adopting state-of-the-art cybersecurity measures.
Managing the provision of services performed by ERUM VIAL to clients efficiently and effectively, within a lifecycle that allows continuous improvement of the implemented processes.
Ensuring the confidentiality, integrity, and availability of information.
Having Business Continuity mechanisms always considering Information Security in disruptive events.
Thus, the Information Security Management Policy constitutes the framework for the establishment and review of ERUM VIAL’s Information Security objectives and goals, ensuring continuous improvement in performance and the approval of programs and plans to achieve them.
As a result of concerns regarding Information Security, ERUM VIAL conducts a risk analysis based on the ISO 27005 standard, which will be continuously updated to maintain control over possible new risk situations and the establishment of corresponding treatment plans for unaccepted risks. Additionally, an appropriate threat intelligence registry is introduced to contribute to effective real-time risk management. Based on the results obtained in the planning phase, security controls are implemented, and management system procedures are operated according to process requirements.
Moreover, the ERUM VIAL leadership team guarantees the promotion of the System, data analysis, and decision-making by ensuring the availability of resources and communication among all departments within the company’s organizational structure. Likewise, it proactively and positively influences the behavior of its stakeholders and main suppliers and contractors, promoting responsible behaviors towards information security.
Improvements are evaluated, and once their feasibility is studied, they are implemented, operated, and maintained. The entire Management System is based on a continuous improvement cycle that includes planning activities, implementation and operation, review, and subsequent improvement.
Improvements to this policy and the underlying Management Systems are established during review and improvement phases based on input from both internal and external personnel.
This policy is communicated to all ERUM VIAL collaborators and is available to our stakeholders. All ERUM VIAL employees are required to comply with the standards and procedures derived from this policy.
V1.0
