You are here




We work for digital convergence with Europe


Information Security Management System (ISMS)
What is an ISMS?

Information is a major asset for, it must be precise, timely and relevant, and it is essential for ensuring that the organisation’s activity is effective. Therefore, information security management is essential to take care of such a valuable asset, and it must address a series of challenges:

  • External and internal intruders, as well as viruses, worms, etc.
  • Increasing regulatory pressure: Personal Data Protection Act (LOPD), insurance, quility regulations, etc.
  • Increasing complexity of services and systems.
  • Need for business continuity plans.
  • Etc.        
Why have an ISMS?
The purpose of an Information Security Management System is to guarantee that the risks involved are understood, assumed, managed and minimised by the organisation in a documented, systematic, structured, repeatable and efficient way, adapted to changes that occur in risks, the environment and technology.
The main objectives to meet by developing and implementing an Information Security Management System are:
  • Protect the entity’s information assets against threats, whether internal or external, deliberate or accidental. These threats include: unauthorised access, unauthorised modifications, loss of information, computer attacks, viruses, etc.
  • Reduce the risks of human error, irregularities, fraud, misuse and unauthorised handling of information.
  • Continuously improve the entity’s information security by periodically analysing risks to understand and update the threats and risks of information assets, so as to strengthen the security controls implemented or implement new controls.
  • Efficiently and effectively manage security incidents to ensure adequate service provision and business continuity.
  • Ensure that all personnel understand the main information security threats and risks.
  • Comply with legislative and regulatory requirements related to information security.
The Information Security Management System offers the organisation numerous advantages:
  • Confidentiality; information can only be accessed by authorised personnel.
  • Information and associated assets are available to authorised users when required.
  • Integrity of the information to avoid it being modified by unauthorised users.
  • Authenticity to guarantee that the information used is authentic.
  • Traceability to ensure that we can later track who accessed and modified the information.
  • Element of differentiation in the sector of the organisation, such as a trusted service provider.
  • Accuracy and completeness of the information and calculation methods.
  • Increased internal commitment as the system enables us to guarantee the effectiveness of efforts dedicated to Information Security Management.
  • Guarantee conformity and compliance with aspects related to applicable regulations and laws to competent authorities, with records to demonstrate this.
  • Establishment of plans for suitable business continuity management.
  • Establishment of processes and activities to review, continuously improve and audit information management and processing.
Conscious of the importance of the terms mentioned above, has implemented an Information Security Management System (ISMS). This guarantees the optimum use of a resource as important as information.