INFORMATION SECURITY AND CYBERSECURITY MANAGEMENT SYSTEM (ISMS)
Information being an asset that is exposed to risks and threats in a constantly changing technological environment, and whose occurrence can generate a significant economic impact for In Motion and associated organizations, has considered relevant the implementation of an ISMS that allows protection from information assets properly.
This policy is addressed to In Motion collaborators, its Suppliers, Information Assets of the company, and its clients that are under administration or with evolutionary support, applying the respective controls based on risk management and the respective information classification. .
INFORMATION SECURITY AND CYBERSECURITY POLICY
“At In Motion we are aware that Information Security and Cybersecurity are a fundamental component for the fulfillment of the strategic objectives of the organization, being one of the pillars of the Digital Transformation Process, and thus guarantee compliance with the principles of Confidentiality, Availability, and Integrity”.
“This is why we assume the commitment to develop, maintain, and continuously improve an Information Security Management System aligned with the needs of the organization, our clients, and current legal regulations on the protection and security of assets. of information under our administration.
The Organization chooses to implement the ISO/IEC 27001:2013 Standard and its dissemination among its collaborators, suppliers, and clients applying the virtuous circle of continuous improvement methodology to the system.
INFORMATION SECURITY OBJECTIVES
The objectives of Information Security and Cybersecurity are:
- Manage Risks at an acceptable Level through the maintenance of an information security management system and its respective controls.
- Comply with the directives indicated in the ISO27001:2013 Information Security Standard, being its implementation in the interest of In Motion and its clients.
- Document, Implement, and have a record of the Controls that correspond as a result of the risk analysis carried out on the information assets and that are part of the declaration of applicability.
- Establish a Training and Awareness Plan in information security and cybersecurity that helps all the personnel involved to know and comply with the defined management activities and to participate proactively in security management.