IDONIKA aims to safeguard the security of information, whether personal or not, and for this purpose, establishes an Information Security system with the objective of ensuring the reduction of associated risks and cybersecurity, that information is accessible only to those users who have a legitimate need to perform their functions, that it is protected, available, and used for the purposes for which it was obtained. To achieve this, IDONIKA defines the following strategic objectives:
The Information Security Policy concerns all users and must be applied to all information created, processed, or used by IDONIKA, regardless of the medium, format, presentation, or location in which it is found. All security measures taken are aimed at protecting the information and the information systems that support it, including applications, operating system resources, telecommunications networks and media, and computer equipment, whether managed by IDONIKA or by companies or individuals expressly authorized for this purpose, such as those who have signed a service provision or data processing agreement with IDONIKA or legally authorized assignees. The Information Security and Cybersecurity Policy is focused on attempting to ensure the following three main scenarios:
The Information Security Policy will be developed through security regulations that address specific aspects and will be reviewed at least once a year and whenever there are relevant changes in the organization, to ensure that it aligns with the organization’s strategy and needs. This policy applies to all IDONIKA workplaces and is implemented within an Information Security framework in accordance with the ISO 27001:2013 standard.
Revision 1: February 22, 2023
Signed by Management