Security Policy

Security Policy

Strands’ senior management is committed to all security aspects in the organization. They recognize the importance of identifying and protecting its information assets, avoiding the loss, disclosure, modification and unauthorized use of the information, and encourage the development, implementation, maintenance and continuous improvement of the Information Security Management System (ISMS).

The managers of Strands are actively involved in:

  1. Periodically establishing the objectives for the management of Information Security, and the necessary actions to implement them.
  2. Performing systematics risk analysis, and assessing the impact and threats.
  3. Validation of actions necessary to reduce the risks identified as unacceptable, according to the criteria established by the Security Committee.
  4. Applying the necessary controls and their corresponding monitoring methods.
  5. Ensuring the compliance with the legal, regulatory, and client requirements assumed by Strands, and contractual security obligations.
  6. Promoting awareness and training on information security for all Strands personnel.
  7. Providing the necessary resources to ensure the continuity of the company business.

The safety objectives of Strands are based on:

  • Protection of knowledge, information and data.
  • Protection of information and communication technologies.
  • Protection of facilities and buildings.
  • Protection of company assets.
  • Protection of business continuity.
  • Compliance with legal and regulatory standards.

Information Security is characterized as the preservation of:

  1. its availability, ensuring authorized users have access to the information and associated assets when required.
  2. its confidentiality, ensuring only those who are authorized can access the information.
  3. its integrity, ensuring that the information remains unchanged and traceable.

Strands’ management nominate the Information Security Manager as the person directly responsible for maintaining this policy for providing advice and guidance for its implementation.

This policy applies to all Strands personnel, as well as to external collaborators and suppliers who work in conjunction with Strands team.