Solutions
Features
AI
Testimonials
Blog
Contact
Login
Login
EN
EN
ES
PT
Login
SEcurity
Policy
Políticas
de
privacidad
Information Security Policy
FICHAP’s Management, through the Information Security Committee (CSI), establishes, promotes, and communicates at all levels of the organization the following Policy and objectives for Information Security management.
The information generated and managed by FICHAP is a key strategic asset to ensure business continuity. In this context, the Information Security Policy is aimed at protecting: the information, the means that enable its management, including the people who access and/or handle the information. This is done in order to guarantee its integrity, availability, confidentiality, cybersecurity, and privacy protection.
Management Statement of Intent
FICHAP will protect information resources and the technology used to process them from internal or external threats, whether deliberate or accidental, in order to ensure the preservation of the integrity, availability, and confidentiality of the information. In addition, it will ensure the continuity of information systems, minimize the risk of damage, and ensure the efficient fulfillment of its strategic objectives.
This policy applies to all physical locations, virtual environments, internal employees, and Fichap suppliers, including offices, cloud systems, SaaS tools, and code repositories.
Information Security Principles
- Promote an organizational culture oriented toward information security.
- Engage FICHAP’s top authorities in disseminating, consolidating, and complying with the policy.
- Implement the committed security measures, identifying the available resources and budget allocations.
- Keep policies, standards, and procedures up to date to ensure their validity and effectiveness.
- Promote practices that ensure the continuity of FICHAP’s functions.
- Comply with legal and regulatory requirements, organizational requirements, and continuous improvement.
- Promote security throughout the software development lifecycle.
- Ensure compliance with personal data protection laws (GDPR, Argentina Law 25,326, LFPDPPP).
Information Security Management Objectives
Achieve adequate levels of integrity, confidentiality, and availability for FICHAP’s information, in order to ensure the operational continuity of the processes and services it provides, by safeguarding information assets associated with critical business processes and their supporting resources.
To this end, specific objectives and indicators will be identified separately to monitor their level of compliance.
Scope of the Information Security Policy
- FICHAP’s Information Security Policy is issued in compliance with applicable legal provisions, with the purpose of appropriately managing information security.
- This policy must be known and complied with by all FICHAP personnel (executives, employees, contractors), and will be communicated within FICHAP. It will also be available as documented information for interested parties, when applicable.
- This Policy applies across FICHAP, to its resources and to all internal and external processes linked to the entity through contracts or agreements with third parties.
- Accordingly, the information generated and managed by FICHAP constitutes a key strategic asset to ensure business continuity; therefore, Information Security is a tool to guarantee its integrity, availability, and confidentiality.
Roles and Responsibilities
Fichap establishes the following key responsibilities within the ISMS (SGSI):
- Information Security Committee (CSI): Leads, approves, and reviews the ISMS policies and controls.
- ISMS Manager: Coordinates the implementation, monitoring, and continuous improvement of the ISMS.
- Asset Owners: Ensure the protection of the information assigned to them.
- All employees and third parties: Are responsible for complying with this policy and reporting security incidents or breaches.
Information Classification
All information handled at Fichap must be classified according to sensitivity level:
- Public: May be disclosed without restrictions.
- Internal: For Fichap use only.
- Confidential: Requires authorization for access. Includes customer data and development documentation.
- Restricted: Highly critical. Access only for designated roles.
- Documents and systems must be labeled according to their classification. Controls proportional to each level must be applied.
Risk Assessment and Treatment
Fichap maintains an active process for identifying, assessing, and treating security risks. A risk matrix based on impact and likelihood is used. High-level risks must be mitigated with technical, organizational, or contractual controls. Treatment will be recorded and monitored by the ISMS Manager.
General Aspects
- The Information Security Policy has been developed in accordance with applicable legislation in the country.
- Senior Management commits to taking all feasible actions to ensure operational continuity, address interruptions in institutional activities, protect critical processes from the effects of major failures or disasters in information systems, and ensure timely recovery.
Policy Approval
The Information Security Policy will be approved by Senior Management, clearly reflecting its commitment, support, and interest in developing an information security culture at FICHAP.
Policy Communication
- It will be the responsibility of the OSI to communicate relevant information security topics.
- Information security policies will be communicated to all FICHAP personnel and to third parties providing services to the organization, as well as to relevant external entities.
- To communicate information security policy contents within FICHAP, the organization’s available communication channels will be used, along with awareness and training activities conducted for that purpose.
- For this, a Communication, Awareness, and Training Plan on information security will be defined, implemented, and evaluated.
- Records of training and awareness activities will be documented and their compliance will be evaluated annually.
Policy Review
- The Information Security Policy will be reviewed annually to keep it up to date. Any modifications deemed necessary will also be made based on potential changes that may affect its definition, such as: technological changes; the impact of security incidents; structural changes in FICHAP; changes in legal conditions and/or requirements; or at Management’s request.
- Modifications to this document are the responsibility of the Information Security Committee and will be approved by Management.
Subscribe to our newsletter and get
15% off
Subscribe to our newsletter and get
15% off
Subscribe to our newsletter and get
15% off
Claim discount
Thank you! You’re now subscribed to Fichap’s newsletter!
There was an error while submitting the form, please try again.
Start
transforming your employees’
experience today
Start
transforming your employees’
experience today
More information
Request a demo
¡Hola!
¿Te gustaría saber más?
HELLO! 👋
Would you like to know more?
First name
*
Last name
*
Business email
*
Phone
*
Would you like to receive specific infomation?
Shift management
Communication and notifications
Time & attendance control
Incidents and updates
Leave and vacation management
Digital employee file
Turnover prediction
Reports y analytics
Org chart
Documents and payslips
Comment
Send
Request received!
We’ve received your message and will contact you shortly.
Understood
There was an error while submitting the form, please try again..
¡Hola!
¿Te gustaría saber más?
¡HOLa! 👋
¿Te gustaría saber más?
