Security policy
We inform our clients and partners of the existence of established Information Security Guidelines within our organization, demonstrating Cuatroochenta’s commitment to protecting and upholding the principles of confidentiality, integrity, availability, authenticity, and traceability of the information managed across the company.
We operate under an Information Security Management System (ISMS) that not only governs the use of assets but also extends to all individuals and third parties, who are expected to understand and comply with these Guidelines. Our ISMS is structured in accordance with the ISO/IEC 27001:2013 standard and the Spanish National Security Framework (ENS). Both the Security Policy and the Guidelines are aligned with the General Data Protection Regulation (GDPR).
This security framework applies across the following areas of the organization:
-
Access to facilities: We regulate access to our premises, with particular focus on secure areas and third-party access.
-
Access to the corporate network: Corporate resources are protected using appropriate technical security measures to safeguard information, whether accessed onsite or remotely. Usage is governed by policies designed to protect sensitive and confidential data.
-
Use of assets: All team members at Cuatroochenta are committed to the responsible use and care of the equipment provided for their professional duties. Usage guidelines and protective configurations are applied to secure the information stored on these devices.
-
Internet use: We place special emphasis on regulating internet, email, and cloud storage usage for professional purposes, minimizing risks associated with unregulated use.
-
Incident management: The active involvement of our team in security matters enables early detection of potential threats to the confidentiality, integrity, and availability of services or supporting assets.
-
Business continuity: All measures in place to ensure service availability and continuity are aligned with the requirements of our certified standards.
-
Intellectual property: Protected under confidentiality agreements and internal security policies observed by all team members at Cuatroochenta.
Violations of the Information Security Policies and Guidelines are subject to disciplinary action in accordance with applicable legal frameworks.
Both the Security Policy (SGSI01) and the Security Guidelines (SGSI02) are reviewed periodically to ensure alignment with the evolving needs of the organization.
The Cybersecurity Committee acknowledges the importance of these policies and plays an active role in their review.
Our core responsibility is to deliver innovative solutions and services of the highest quality. As a mark of trust and assurance, Cuatroochenta undergoes regular independent audits to certify its management and production systems according to key international standards, including:
-
ISO/27001: Certification for Information Security Management Systems (ISMS)
-
ENS: National Security Framework (Spain)