
Security Policy

Security, Trust, and Commitment: ISO 27001 at TICGAL

At TICGAL, we reaffirm our commitment to information security by achieving ISO 27001 certification, the leading global standard in security management.

Protecting the data of our clients and collaborators is a top priority. This recognition validates our information security management, encompassing the systems that support TICGAL’s business processes, following the current statement of applicability.

Why is ISO 27001 Certification Crucial?

ISO 27001 certification is not just a certificate; it guarantees our compliance with international standards regarding the confidentiality, integrity, and availability of information. This allows us to:

  • Diligently protect clients’, employees’, and partners’ data.
  • Minimise cybersecurity risks and potential information vulnerabilities.
  • Ensure compliance with applicable regulations and laws.
  • Implement robust and effective security solutions.
  • Demonstrate our unwavering responsibility and commitment to security.

A Long-Term Commitment

This certification reiterates our commitment to information protection and continuous improvement. We will continue to work tirelessly with the highest standards to guarantee the security and trust of all those who rely on us.

Global Security Policy (extract)

Responsibilities

  • CEO/COO: Define policy objectives and approve the document.
  • ISO: Design, approve, implement, monitor, review, and disseminate the policy.
  • IT Manager: Understand and comply with the policy, identify risks, and propose mitigations.
  • Employees: Understand and comply with equipment and systems usage rules.

Scope

This policy applies to all TICGAL information systems and those interacting with them.

Equipment and Software Use

  • Equipment is delivered configured.
  • Equipment is for work use only.
  • All software must be licensed.
  • No unauthorised hardware or software manipulation.
  • No removal of company hardware without authorisation.

Clean Desk Policy

  • Protect documentation.
  • Lock sessions when leaving workstations.
  • Equipment for work use only.
  • Securely destroy documentation.

Email

  • Email accounts are TICGAL property.
  • TICGAL may monitor the email system.
  • Passwords are personal and non-transferable.
  • Do not open suspicious email attachments.

Systems Protection

  • The Systems Manager maintains updated equipment.

Network Access

  • Access is restricted to authorised users.
  • Separate Wi-Fi for external personnel and specific devices.

Resource Use

  • Resources for professional use.
  • No personal use of resources.
  • Assigned devices must be returned.
  • No use of removable media without authorisation.
  • No cloud storage without authorisation.
  • Communications via company assets may be monitored.
  • Internet use must be responsible.

Physical Security

  • Precautions are taken to prevent unauthorised access to facilities.

Identification and Authentication

  • Each user has a personal username and password.
  • Strong passwords are used and changed regularly.
  • 2FA is used in critical applications.

Content Filtering

  • Antivirus and firewall used.

Information Management

  • Information classified as Confidential, Internal, or Public.
  • Confidentiality agreements signed.
  • Access controls monitored.
  • Confidential information requires approval for transmission.
  • Devices with confidential information must be encrypted.

Passwords

  • Minimum 10 alphanumeric characters.
  • Avoid easily guessed data.
  • Do not write down or store unencrypted.
  • Change regularly.

Security Incidents

  • Report any incident immediately to the systems department.

Business Continuity

  • Security measures are in place to ensure business continuity.

Compliance

  • TICGAL is committed to the correct use of personal data.
  • Confidential communication channel for reporting non-conformities.

This is an excerpt. See the entire document for details. This policy is part of TICGAL’s ISMS certified to ISO 27001:2022.