The INFORMA D&B business processes largely depend on its Information Systems and the information they store. The goal of the Information Security Policy is to establish the overall Information Quality and Security directives for the organisation, and to protect the information assets.
These directives include the adoption of a series of organisational measures and rules outlined in this document and elaborated on in the associated documents, aimed at protecting and improving the information resources of INFORMA D&B and the Information Systems used for processing the information, and to combat threats, whether internal or external, deliberate or accidental, with a view to guaranteeing the quality, confidentiality, integrity, availability and legality of the information.
This Policy is based on the recommendations of good practices to guarantee Security in the Management of Information Systems (international ISO 27001 standards) and the applicable legislation in force.
The overriding purpose behind the creation of this policy is to guarantee the quality of the information and access to it for the users to perform their tasks, and to avoid losses of information and non-authorised access to it.
In response to a new technological environment where the convergence between information and communications technology has given rise to a new productivity paradigm for companies, INFORMA D&B is deeply committed to maintaining a competitive service, providing its information services and creating databases containing economic, financial and marketing information of companies and businessmen of the utmost quality, where the use of good practices is essential to achieve the goals of confidentiality, integrity, availability and legality of all the information managed.
Therefore, INFORMA D&B makes the following commitments in building the framework to apply of its Information Security Management System (ISMS):
As such, the following information security goals are established:
Any deliberate or negligent breach of the information security rules established in the ISMS, which could lead to damages (that come to pass or not) incurred by INFORMA D&B, will be subject to appropriate penalties.
All actions that compromise the information security of INFORMA D&B and which are not covered by the information security rules in the ISMS shall be reviewed by the General Management and by the Information Security Committee, to define a solution in accordance with the company’s criteria and the applicable legislation.
Information is an important asset of Informa D&B, and as such must be properly protected throughout its life cycle, from its creation to its destruction.
In order to implement a suitable security level for the processing and use of the information, a classification system shall be established for the information in Informa D&B. This system must allow the information to be categorised in a quick and simple way depending on its degree of confidentiality, integrity and availability, and which shall aid decision making in relation to the security of this information. Therefore, it is necessary to implement an information classification system that accurately reflects the critical degree of the information, in accordance with the following levels:
Each classification level includes the following attributes for its correct classification and utilisation:
|Access||Access to the information is applied to partners, clients, suppliers and other entities with whom commercial relationships may be established||Unrestricted access|
|Creation||The information shall be classified at the moment it is created||The information shall be classified at the moment it is created|
|Reproduction / printing||Its reproduction and/or printing is permitted in accordance with the commercial needs||Its reproduction and/or printing is permitted without restrictions|
|Transmission / transport||For information on hard copy, sent by post, the normal postal service may be used. For electronic transmission, always use coded means when the information is in movement but it is not necessary to codify each file; only the hosting channels or means need by coded.||Its transmission and transport is permitted without restrictions|
|Labelling||For hard copy (paper):
||In the labels of the magnetic devices, document footers and covers no visible classification is necessary|
||The destruction does not require methods that reverse the procedure|
An information security event may be detected through several sources both internal and external to INFORMA D&B, namely:
Upon detection of an occurrence, by any external party, it must be reported immediately and using the fastest means of communication to INFORMA D&B by notifying the Client Support Service firstname.lastname@example.org.