Information Security is the protection of information against a wide range of threats to ensure business continuity, minimize business risks, and maximize the return on investments and business opportunities. eSolutions considers information and associated systems as critical assets that must be protected to ensure the proper operation of the organization’s services and compliance with legal and contractual obligations. The Information Security Policy is aimed at effectively managing the security of information handled by the company’s IT systems, as well as the assets involved in its processes.
1. OBJECTIVE:
This Policy aims to establish the framework under which the organization guarantees the confidentiality, integrity, and availability of its own information and that of its clients, as well as compliance with current Laws and Regulations at all times. It maintains a balance between risk levels and efficient use of resources, with proportionality criteria.
2. SCOPE:
This Information Security policy is to be considered by all members of the eSolutions organization: employees, external staff, suppliers, contractors, business partners, and third parties who access, process, and/or handle eSolutions information.
3. DEFINITIONS:
4. MANAGEMENT MODEL:
eSolutions promotes a management model applicable toInformation Security based on the international standard ISO/IEC 27001, facilitating, by all meanswithin its reach and proportionate to detected threats, the necessary resources for theorganization to have an environment aligned with business objectives and establishedcybersecurity goals. The model defined by eSolutions is based on:
5. GUIDELINES:
Implementing a secure information environment is achieved by complying with the following critical factors:
6. OWNERSHIP OF INFORMATION:
All data, programs, systems, and procedures (hereinafterreferred to as “information”) collected, stored, processed, and/or maintained by the Companyfor business purposes are owned by eSolutions unless explicitly stated otherwise in a contractualagreement.
7. INFORMATION CRITICALITY:
Information is a key asset; therefore, the Company must maintaina properly secure environment for managing, processing, transporting, and distributing it. The“confidentiality, integrity, and availability” of information are essential to preservecompetitiveness, billing, profitability, compliance with legal requirements, and the Company’smarket image. Protection of strategic information and resources of both the Company and itsclients must be ensured whenever they are under eSolutions‘ control (Information ClassificationPolicy).
8. ACCEPTABLE USE OF INFORMATION AND ASSOCIATED ASSETS:
9. RESPONSIBILITIES:
Coordinate the implementation and maintenance of a set of appropriate actions and measures to ensure that information and its supporting structure are protected from destruction, corruption, unauthorized access, and confidentiality breaches, both accidental and deliberate. Effective information security can only be achieved through consistent measures and actions, continuous monitoring, close cooperation, and awareness at all corporate levels. To this end, the following measures and actions are detailed:
10. NON-COMPLIANCE:
Failure to comply with or violation of any aspects outlined in this policy and the supporting Security Policies may result in:
At eSolutions, we apply our Mission, Vision, and Values in all activities of the Quality Management System (QMS), with the objective of delivering software solutions that create value for our clients and fostering relationships of sustained growth.
This policy ensures compliance with applicable requirements, promotes the continuous improvement of the QMS, and provides the framework to establish and review quality objectives aligned with our strategy and vision.
The commitments of this policy are:
Compliance with applicable requirements: Ensure adherence to customer requirements, as well as legal, regulatory, and QMS-specific obligations.
Customer satisfaction: Understand and meet our clients’ needs, fostering long-term, mutually beneficial relationships.
Innovation and continuous improvement: Encourage innovation and the ongoing improvement of our processes, services, and the QMS, perceiving changes as opportunities for growth.
Human warmth and talent development: Maintain an environment of respect, collaboration, and professional and personal growth, valuing the diversity and uniqueness of each individual.
Flexibility and agility: Adapt our resources and respond quickly to changes in context, ensuring process continuity and compliance with quality requirements.
The commitments established in this policy are translated into measurable quality objectives, reviewed periodically, and reported during Management Review.
The Quality Policy is communicated, understood, and applied throughout the organization and is available to all relevant interested parties.
1. Cumplir los requisitos aplicables: asegurar el cumplimiento de los requisitos de nuestros clientes, los legales, reglamentarios y los propios del SGC.
2. Satisfacción del cliente: comprender y atender las necesidades de nuestros clientes, promoviendo vínculos duraderos y de beneficio mutuo.
3. Innovación y mejora continua: fomentar la innovación y la mejora permanente de nuestros procesos, servicios y del SGC, percibiendo los cambios como oportunidades de crecimiento.
4. Calidez humana y desarrollo del talento: mantener un ambiente de respeto, colaboración y crecimiento profesional y personal, valorando la diversidad y singularidad de cada persona.
5. Flexibilidad y agilidad: Adaptar nuestros recursos y actuar con rapidez ante cambios del contexto, garantizando la continuidad de los procesos y el cumplimiento de los requisitos de calidad.
Los compromisos establecidos en esta política se traducen en objetivos de calidad medibles, revisados periódicamente y reportados en la Revisión por la Dirección.
La Política de Calidad es comunicada, entendida y aplicada en toda la organización, y está disponible para todas las partes interesadas pertinentes.