Corporate management systems: Quality and Security
Red.es is aware of the importance of excellence and continuously improving all its processes. For this purpose, it has implemented a Quality Management System based on the UNE EN-ISO 9001:2015 international standard, and an Information Security Management System based on the UNE-ISO/IEC 27001:2014 standard. Both systems are certified by AENOR.
As a Public Entity, Red.es also complies with the guidelines of the National Security Scheme, approved by RD 3/2010 of 8 January.
These systems have enabled us to develop interrelated strategic, operational and support processes, optimise the Entity’s resources, reduce expenses, and increase project execution efficiency, and also to remain in line with the needs of our stakeholders.
They have also afforded major benefits and competitive edges for Red.es beyond mere legal and regulatory compliance by improving the operations of its processes, guaranteeing the security of its assets and managing its risks.
Red.es is also a partner of the Spanish Association for Quality. It participates in the Quality Community and actively collaborates with AENOR on various Standardisation Committees to draft different Standards.
Quality Management System
What is a Quality Management System?
A Quality Management System is a Management method used by organisations, supported by a series of documents that compile the Entity’s knowledge and methods of action.
It is a results-based method related to quality objectives to satisfy the needs, expectations and requirements of stakeholders.
This system combines Process Quality with User and Customer Satisfaction.
The main advantages of implementing a Quality System include:
- Adapting to the demands and expectations of customers/end users.
- A solid structure for all of the organisation’s processes.
- Standardising and systematising of activities.
- Strategic quality planning.
- Identifying business areas with room for improvement.
- Establishing global business indicators and scorecard.
- Implementing a continuous improvement methodology by analysing indicators.
- Adoption by personnel of a quality culture.
- Participation and engagement of company personnel.
- Establishing interdepartmental relations.
- Promoting initiative and creativity.
Our Quality Management System
Aware of the importance of these systems, Red.es has implemented a Quality Management System based on the UNE-EN ISO 9001 Standard, in line with the entity’s Mission and Vision. This tool allows us to contribute to turning Spain into a fully networked society as soon as possible.
The Quality Management System is a support tool for achieving our objectives and promoting the corporate values of commitment, proactiveness, efficiency and collaboration. This will enable us to improve our relationship with citizens, partner organisations and administrations in order to provide them useful services adapted to their needs.
The most useful resource to achieve this goal is our personnel. Therefore it is important that this System also contributes to continually improving their working conditions and professional and personal skills, thus motivating them to achieve the objectives set.
This policy will be periodically revised at least once a year according to the organisational needs and the spirit of the Quality Management System.
Information Security Management System (ISMS)
What is an ISMS?
Information is a major asset for Red.es, it must be precise, timely and relevant, and it is essential for ensuring that the organisation’s activity is effective. Therefore, information security management is essential to take care of such a valuable asset, and it must address a series of challenges:
- External and internal intruders, as well as viruses, worms, etc.
- Increasing regulatory pressure: Personal Data Protection Act (LOPD), insurance, quility regulations, etc.
- Increasing complexity of services and systems.
- Need for business continuity plans.
Why have an ISMS?
The purpose of an Information Security Management System is to guarantee that the risks involved are understood, assumed, managed and minimised by the organisation in a documented, systematic, structured, repeatable and efficient way, adapted to changes that occur in risks, the environment and technology.
The main objectives to meet by developing and implementing an Information Security Management System are:
- Protect the entity’s information assets against threats, whether internal or external, deliberate or accidental. These threats include: unauthorised access, unauthorised modifications, loss of information, computer attacks, viruses, etc.
- Reduce the risks of human error, irregularities, fraud, misuse and unauthorised handling of information.
- Continuously improve the entity’s information security by periodically analysing risks to understand and update the threats and risks of information assets, so as to strengthen the security controls implemented or implement new controls.
- Efficiently and effectively manage security incidents to ensure adequate service provision and business continuity.
- Ensure that all Red.es personnel understand the main information security threats and risks.
- Comply with legislative and regulatory requirements related to information security.
The Information Security Management System offers the organisation numerous advantages:
- Confidentiality; information can only be accessed by authorised personnel.
- Information and associated assets are available to authorised users when required.
- Integrity of the information to avoid it being modified by unauthorised users.
- Authenticity to guarantee that the information used is authentic.
- Traceability to ensure that we can later track who accessed and modified the information.
- Element of differentiation in the sector of the organisation, such as a trusted service provider.
- Accuracy and completeness of the information and calculation methods.
- Increased internal commitment as the system enables us to guarantee the effectiveness of efforts dedicated to Information Security Management.
- Guarantee conformity and compliance with aspects related to applicable regulations and laws to competent authorities, with records to demonstrate this.
- Establishment of plans for suitable business continuity management.
- Establishment of processes and activities to review, continuously improve and audit information management and processing.
Conscious of the importance of the terms mentioned above, Red.es has implemented an Information Security Management System (ISMS). This guarantees the optimum use of a resource as important as information.