Commitment to Information Security
At VS&A, information security is a strategic priority. Our policy, aligned with ISO/IEC 27001:2022, establishes a solid framework to protect information assets, ensure operational continuity, and strengthen the trust of our customers and partners
What do we protect?
We preserve the confidentiality, integrity, and availability of information belonging to our employees, customers, and suppliers, ensuring that data is protected against unauthorized access, alterations, or loss.
Objectives of the Information Security Management System
The following objectives are considered for the ISMS along with their respective KPIs:
- Train at least 80% of company employees in cybersecurity:
- 100% of key personnel trained annually.
- Compliance with policies and controls:
- 90% of applicable controls implemented.
- Reduction of residual risks:
- 100% probability reduction of critical risks.
Key principles of our policy:
- Secure authentication and authorization to control system access.
- Protection of technological assets through controls and continuous monitoring.
- Data and system integrity, ensuring that information is not altered without authorization.
- Guaranteed confidentiality through encryption and access controls.
- Audit and traceability of access and relevant events.
Continuous training for all staff on security topics.
Shared responsibility
The General Management leads compliance with this policy, supported by the Information Security Committee and the CISO. All employees, suppliers, and external parties are responsible for acting in accordance with ISMS guidelines.
Continuous improvement
Our Information Security Management System (ISMS) is continuously reviewed and improved to adapt to new risks, technologies, and business needs.