LINGUASERVE is committed to Information Security, expressed in several aspects. From our commitment to customers, employees, suppliers and institutions, one of the key commitments of our mission is to adopt the necessary measures so that the information handled by the organization is accurate and available at the required time.
LINGUASERVE has implemented the necessary control so that said information cannot be accessed by unauthorized personnel.
LINGUASERVE’s security policy is based on fundamental security guidelines on the basis of the requirements set forth in ISO/IEC 27001:2013 standards, thus ensuring the quality of the products and services, and the confidentiality, integrity, availability, authenticity and traceability of information systems:
- Management’s Commitment. Information security has the commitment and support of all levels of management so that it can be coordinated and integrated with the rest of LINGUASERVE’s strategic initiatives. As a demonstration of this commitment, General Management ensures compliance with this document, keeping it up to date and approved, providing all the economic and logistic means for the creation, implementation, maintenance and development of the information security management system.
- Comprehensive Process. Security shall be understood as a comprehensive process constituted by all the technical, human, material and organizational elements related to the system. Information security in the provision of services shall be considered part of the usual operation, being present and applied from the initial design of the information systems.
- Risk-based security management. The risks that could jeopardize the quality in the delivery of the services and the security of the information handled in them are studied and evaluated. To this end, and based on their criticality, the necessary measures to mitigate these risks will be applied by carrying out periodic evaluations that allow obtaining the status of how the treatment of the risk is being managed.
- Prevention, reaction and recovery. The system’s security covers aspects regarding prevention, detection and correction to ensure that threats do not affect the information and the quality of the services. To this end, revision cycles based on risk planning, implementation of mitigation measures and the subsequent re-evaluation will be carried out.
- Line of defense: Appropriate mechanisms will be implemented to ensure the availability of information systems and favor the continuity of services, prioritizing the adequate reaction in response to incidents in order to reduce the probability of the service being compromised.
- Periodic re-evaluation. Management carries out a periodic evaluation in relation to the quality in the provision of services and the security measures applied to adapt their efficiency to the constant evolution of the risks, setting targets as a commitment to the continuous improvement of the system.
- Differential responsibility. In the information systems, there will be a difference between the person responsible for the information, who determines the security of the handled information, the person responsible for the service, who determines the security requirements of the provided services and the person responsible for security, who decides how to satisfy security requirements.
To elaborate its Security Policies, LINGUASERVE has taken into account what is established for the compliance of the Integrated Management System, as well as the requirements set forth in the applicable legal and regulatory framework in which its operations are carried out.
This Security Policy in its version 2.1 has been approved by the LINGUASERVE Management on 31/01/2023.