Information Security Policy

Information Assets and Information Security

What is Information?

Information encompasses all communication flows and knowledge representations such as data, facts or opinions, in any media or format (e.g. text, numbers, graphics, maps, narrative, audio-visual or combinations thereof). 

 

What is an Information Asset?

Information Asset means any asset that stores information, under any format, and which has an intrinsic value to the company. The assets include the actual information entities (e.g. databases, contracts, etc.), software (e.g. applications, operating systems, network platforms, etc.), hardware (e.g. computers, communication networks equipment, etc.), services (e.g. electronic communications, energy, etc.), people (e.g. skills, knowledge, etc.), intangible assets (e.g. goodwill and corporate image, etc.), among others. 

What is Information Security?

Information Security means protecting information together with its support assets on all three pillars, throughout its whole life cycle.

 

  • Confidentiality - Means information may be accessed only by authorised persons on a need-to-know basis. Prevents unauthorised access and/or disclosure of information, whether accidentally or intentionally.
  • Integrity - Means guaranteeing the accuracy of information, its processing methods and storage assets (systems, infrastructures or others). Ensures that information is consistent regardless of the storage medium used. Prevents modification, loss or unauthorized and/or accidental deletion of information.
  • Availability - Means guaranteeing access without undue delay to the information/services and correspondent storage assets when needed and as allowed.

Protection of information must also comply with both our company’s internal policies regarding information and applicable laws and regulations. It should also consider the service requirements documented in SLA, contracts or operational agreements with customers.