GENERAL INFORMATION SECURITY POLICY 

Wideum’s management recognizes the importance of identifying and protecting its information assets, preventing the destruction, disclosure, modification and unauthorized use of all information related to customers, employees, pricing, knowledge bases, manuals, case studies, source codes, strategy, management, and other concepts, and is committed to developing, implementing, maintaining and continuously improving the Information Security Management System (ISMS).

Information Security is characterized as the preservation of: 

  1. its confidentiality, ensuring that only those authorized can access the information; 2. its integrity, ensuring that the information and its processing methods are accurate and complete; 
  2. its availability, ensuring that authorized users have access to the information and its associated assets when required. Information security is achieved by implementing an appropriate set of controls, such as policies, practices, procedures, organizational structures and software functions. These controls are in place to ensure that the company’s specific security objectives are met. 

It is Wideum’s policy that: 

  • Information Security objectives are set annually. 
  • A risk analysis process is developed and, according to its outcome, the corresponding actions are implemented in order to address the risks that are considered unacceptable, according to the criteria set out in the ISMS Manual. 
  • Control objectives and corresponding controls are established in accordance with the risk needs arising from the Risk Analysis process carried out. 
  • Business, legal or regulatory requirements and contractual security obligations are met. 
  • There is a commitment to continuous training, awareness raising and sensitization on information security for all staff within the organization. 
  • The information generated, processed or safeguarded by the business processes, its technological infrastructure and assets are protected from the risk generated by access granted to third parties (e.g. suppliers or customers). 
  • The necessary means are put in place to ensure the continuity of the company’s business
  • Any violation of this policy and any ISMS policy or procedure is sanctioned. 

Every employee is responsible for reporting confirmed or suspected security breaches. 

Every employee is responsible for preserving the confidentiality, integrity and availability of information assets in compliance with this policy and the policies and procedures inherent in the Information Security Management System. 

The Security Officer is directly responsible for the maintenance of this policy by providing advice and guidance on its implementation, as well as investigating any violations reported by staff. 

Approved by the Directorate on 23 April 2021