General Information
ENGINY’s Security Policy defines the concepts, principles, responsibilities, and objectives related to security, ensuring the company maintains the necessary freedom of action to operate effectively.
The objective of ENGINY’s Integrated Security is to protect all individuals, including users, professionals, and employees, as well as the confidentiality of communications and the integrity of information. It also safeguards other company assets, such as facilities and all types of content.
Integrated Security covers both physical security and logical (technological) security, ensuring business continuity in the event of adverse or unexpected circumstances.
Promoting a strong security culture among personnel delivers clear benefits by strengthening systems and processes and reducing the risk of malicious actions. It is essential that all security-related information flows through appropriate channels, both horizontally and vertically across the organization.
Principles
Integration
Security is a fully integrated process aligned with business activities and involves the entire organization.
Cost-effectiveness
Security is guided by business criteria, balancing cost and investment. Policies and decisions are defined centrally, leveraging synergies to maximize the effectiveness of security efforts.
Continuity
Security is present throughout its entire lifecycle: protection, prevention, detection, response, and recovery.
Adequacy
Security measures are adapted to the operational environment. Factors such as competition, social, political, or economic instability, and amateur or professional hacking have a direct impact on organizational security levels.
Responsibilities
Management Team
The management team holds ultimate responsibility for security and is directly accountable for its development and implementation.
The management team analyzes security risks and vulnerabilities that may affect business operations and defines the rules, resources, and measures required to mitigate them.
All Personnel
All employees and collaborators are responsible for maintaining the security of the assets under their control and for complying with the security policies and procedures established by management.
Objectives
• Ensure and maintain an appropriate level of security to guarantee business continuity, even in adverse situations.
• Strengthen integration and cooperation between physical and logical security controls.
• Collaborate in the management of other security disciplines, including occupational and environmental security, in alignment with Corporate Social Responsibility principles.
• Establish a corporate security structure defined by the organization’s decision-making bodies and ensure effective communication channels among all stakeholders.
• Comply with applicable laws, regulations, and other security-related requirements.
• Define and implement Security Training and Awareness Programs to improve staff knowledge and preparedness.
• Maintain a clear commitment to continuous improvement.
• Integrate all company departments into a unified security management system that leverages synergies and ensures consistency in resources and actions.
• Ensure that all ENGINY personnel are aware of and comply with the regulations derived from this Security Policy.