Skip to main content

Information Security Policy

BI4ALL is committed to preserving confidentiality, integrity, and availability of information by implementing a risk management process that provides stakeholders with confidence that risks are appropriately managed and mitigated.

 

To this end, the following guiding principles are established as organisational security standards and best practices in information management, which must be applied by all stakeholders involved in its activities:

 

  • Conscious and formal commitment through confidentiality agreements with the policies and procedures applicable to the parties involved.

 

  • Adoption of controls based on the principle of information access minimisation: information should be produced only by those authorised to do so, shared only with those who need it, and stored in ways that ensure access solely by those who may legitimately require it.

 

  • Ensuring that information protection is appropriate to the importance and value of its classification.

 

  • Operating and delivering services in compliance with the organisation’s requirements, clients’ requirements, and applicable statutory, legal, and regulatory obligations.

 

  • Commitment to continually improving the information security management system, in line with the standards adopted, by reducing identified risks to its information assets.

 

  • Pursuit of full achievement of its information security objectives, which aim to ensure confidentiality by preventing unauthorised access to information; availability by ensuring that authorised individuals can access information whenever needed and promptly, without compromising commitments made to clients; and integrity, by maintaining the accuracy of the information and its processing methods.

 

  • Ensuring personal data protection complies with applicable data protection laws and promotes privacy and data security practices that respect the rights and expectations of data subjects.

 

These principles shall be applied throughout all processes — from identifying a business opportunity to the final obligations under a contract — ensuring that all stakeholders are aware of the need for constant adaptation to the evolving technological and social threats to information security.