Solutions
Features
AI
Testimonials
Blog
Contact
Log in
Log in
ES
EN
ES
PT
Log in
POLICIES OF
Security
Policies
of
privacy
Date 10/03/2022
Version 0
Information Security Policy
FICHAP's Management, through the Information Security Committee (ISC), establishes, promotes, and disseminates the following Policy and objectives for Information Security management at all organizational levels.
The information generated and managed by FICHAP constitutes a key strategic asset to ensure business continuity. In this context, the Information Security Policy aims to protect: information, the means that enable its management, including individuals who access and/or handle the information. This is done to guarantee its integrity, availability, confidentiality, cybersecurity, and privacy protection.
Management Statement of Intent
FICHAP will protect information resources and the technology used for their processing from internal or external, deliberate or accidental threats; in order to ensure the preservation of information integrity, availability, and confidentiality. Furthermore, it will guarantee the continuity of information systems, minimize damage risks, and ensure the efficient achievement of its strategic objectives.
This policy applies to all Fichap's physical locations, virtual environments, internal collaborators, and suppliers, including offices, cloud systems, SaaS tools, and code repositories.
Information Security Principles
- Foster an organizational culture oriented towards information security.
- Engage FICHAP's top management in the dissemination, consolidation, and compliance with the policy.
- Implement committed security measures, identifying available resources and budget allocations.
- Keep policies, regulations, and procedures updated to ensure their validity and effectiveness.
- Promote practices that ensure the continuity of FICHAP's functions.
- Comply with legal, regulatory, and organizational requirements, as well as those of the
organization and continuous improvement.
- Promote security throughout the software development lifecycle.
- Ensure compliance with personal data protection laws
(GDPR, Argentine Law 25.326, LFPDPPP).
Information Security Management Objectives
Achieve adequate levels of integrity, confidentiality, and availability for FICHAP's information, with the aim of ensuring operational continuity of the processes and services it develops, by safeguarding information assets associated with critical business processes and their support.
To this end, specific objectives and indicators will be separately identified to monitor their level of compliance.
Scope of the Information Security Policy
- FICHAP's Information Security Policy is issued in compliance with current legal provisions, with the aim of adequately managing information security.
- This policy must be known and complied with by all FICHAP personnel (directors, employees, contractors), and will be communicated within FICHAP. It will also be available as documented information for interested parties, as appropriate.
- This Policy applies throughout FICHAP's scope, to its resources, and to all internal and external processes linked to the entity through contracts or agreements with third parties.
- Based on the above, the information generated and managed by FICHAP constitutes a key strategic asset to ensure business continuity, making Information Security a tool to guarantee its integrity, availability, and confidentiality.
Roles and Responsibilities
Fichap establishes the following key responsibilities within the ISMS:
- Information Security Committee (ISC): Directs, approves, and reviews the ISMS policies and controls.
- ISMS Manager: Coordinates the implementation, control, and continuous improvement of the ISMS.
- Asset Owners: Ensure the protection of assigned information.
- All employees and third parties: Are responsible for complying with this
policy and report security incidents or breaches.
Information Classification
All information processed at Fichap must be classified according to its sensitivity level:
- Public: Can be disclosed without restrictions.
- Internal: Exclusive use by Fichap.
- Confidential: Requires authorization for access. Includes customer data and development documentation.
- Restricted: Highly critical. Access only by designated roles.
Documents and systems must be labeled according to their classification. Controls proportionate to each level must be applied.
Risk Assessment and Treatment
Fichap maintains an active process for identifying, evaluating, and treating security risks. A risk matrix based on impact and probability is used. High-level risks must be mitigated with technical, organizational, or contractual controls. The treatment will be recorded and monitored by the ISMS Manager.
General Aspects
- The Information Security Policy has been developed in accordance with the country's current legislation.
- Senior Management is committed to taking all actions within its power to ensure operational continuity, addressing interruptions to institutional activities, protecting critical processes from the effects of major failures or disasters in information systems, and ensuring their timely resumption.
Policy Approval
The information security policy will be approved by Senior Management, clearly reflecting their commitment, support, and interest in developing an information security culture at FICHAP.
Policy Dissemination
- The ISO will be responsible for disseminating relevant security topics.
- Information security policies will be communicated to all FICHAP personnel, third parties providing services to the organization, and relevant external entities.
- For the dissemination of information security policy content within FICHAP, the organization's available communication channels must be used, as well as awareness and training sessions conducted for this purpose.
- To achieve the above, actions and initiatives contained in an Information Security Dissemination, Awareness, and Training Plan will be defined, implemented, and evaluated.
- Training and awareness activity records will be documented, and their compliance will be evaluated annually.
Policy Review
- The Information Security Policy will be reviewed annually to keep it updated. Additionally, any necessary modifications will be made based on potential changes that may affect its definition, such as: technological changes; impact of security incidents; structural changes in FICHAP; changes in legal conditions and/or requirements; or at the request of Management.
- This document may be modified by the Information Security Committee and will be approved by Management.
Approval Date
Date 10/03/2022
Version 0
Subscribe to OUR newsletter and get a
15% Discount
Subscribe to our newsletter and GET a
15
%
discount
Subscribe to OUR newsletter and get A
15% discount
Get discount
Thanks! You're now subscribed to the
Fichap newsletter!
There was an error trying to submit the form, please try again.
Start today to
transform the
experience
of your
employees
Start today to
transform the experience
of your employees
More information
Request a demo
¡Hola!
¿Te gustaría saber más?
Hello! 👋
Would you like to know more?
First name
*
Last name
*
Business email
*
Phone
*
Want to receive specific information?
Shift management
Communication and notifications
Time tracking
Updates and incidents
Leaves and vacations
Digital employee record
Turnover prediction
Reports and analytics
Org chart
Documents and receipts
Comment
Submit
Request received!
We've received your message and will contact you shortly.
Understood
Something went wrong while submitting the form, please try again.
¡Hola!
¿Te gustaría saber más?
Hello! 👋
Would you like to know more?
