
Quality and safety policies

We uphold the highest standards to provide exceptional quality and ensure safety in everything we do.


Information Security is the protection of information against a wide range of threats to ensure business continuity, minimize business risks, and maximize the return on investments and business opportunities. eSolutions considers information and associated systems as critical assets that must be protected to ensure the proper operation of the organization’s services and compliance with legal and contractual obligations. The Information Security Policy is aimed at effectively managing the security of information handled by the company’s IT systems, as well as the assets involved in its processes.

1. OBJECTIVE:

This Policy aims to establish the framework under which the organization guarantees the confidentiality, integrity, and availability of its own information and that of its clients, as well as compliance with current Laws and Regulations at all times. It maintains a balance between risk levels and efficient use of resources, with proportionality criteria.

2. SCOPE:

This Information Security policy is to be considered by all members of the eSolutions organization: employees, external staff, suppliers, contractors, business partners, and third parties who access, process, and/or handle eSolutions information.

3. DEFINITIONS:

  • Information Security is defined as the preservation of the following pillars:
    • Confidentiality: Refers to the quality or state of information being restricted only to those individuals who truly need to know it to perform their activities; thus ensuring access to information only for authorized persons with proper and verified authorization.
    • Integrity: Characteristics of accuracy and completeness of information and the methods used for its processing. It refers to data, information, and processes that cannot be modified by unauthorized people.
    • Availability: Defined as the characteristic, quality, or condition of information being available to those who need to access it when necessary. Access to such information can be granted to individuals, processes, or applications.
  • eSolutions Staff: All users (internal, external, suppliers, contractors) who access, process, store, or transmit information owned by eSolutions and/or its clients.

4. MANAGEMENT MODEL:

eSolutions promotes a management model applicable to Information Security based on the international standard ISO/IEC 27001, facilitating, by all means within its reach and proportionate to detected threats, the necessary resources for the organization to have an environment aligned with business objectives and established cybersecurity goals. The model defined by eSolutions is based on:

  • A framework for managing applicable Information Security measures through a risk assessment method, aligned with the business strategy and objectives, and consistent with the context in which the organization’s activities are developed.
  • Mechanisms to align objectives with compliance to legislative, regulatory, and contractual requirements.
  • Mechanisms to respond to incidents occurring in both system management and the operational procedures that depend on it.
  • The existence of a set of clearly defined functions and responsibilities regarding Information Security.
  • A process for reviewing and updating this policy and the Information Security management model.

5. GUIDELINES:

Implementing a secure information environment is achieved by complying with the following critical factors:

  • Awareness and Training: All eSolutions employees must understand the importance of information security and their individual role in ensuring the protection of the resources under their responsibility.
  • Support from Hierarchical Levels: There must be a visible commitment from managers and executive levels in complying with Information Security policies and practices.
  • Security Personnel Training: Ongoing technical training must be provided to all staff who will perform security administration tasks.
  • Advanced Technology: Technology that efficiently supports business processes and provides appropriate levels of information protection must be implemented. All employees and external users should return all organizational assets in their custody upon termination of employment, contract, or agreement.
  • Risk Assessments: Business risks exposed by each new development project, new product launch, new technological architecture design, or any project involving eSolutions or its clients’ information must be analyzed.
  • Metrics and Indicators: A system of indicators must be defined to verify the operation of the information security management scheme and optimize it through feedback from the obtained results.
  • Monitoring: Continuous reviews of information handling activities must be established to ensure appropriate security mechanisms exist and that implemented procedures are effective.

6. OWNERSHIP OF INFORMATION:

All data, programs, systems, and procedures (hereinafter referred to as “information”) collected, stored, processed, and/or maintained by the Company for business purposes are owned by eSolutions unless explicitly stated otherwise in a contractual agreement.

7. INFORMATION CRITICALITY:

Information is a key asset; therefore, the Company must maintain a properly secure environment for managing, processing, transporting, and distributing it. The “confidentiality, integrity, and availability” of information are essential to preserve competitiveness, billing, profitability, compliance with legal requirements, and the Company’s market image. Protection of strategic information and resources of both the Company and its clients must be ensured whenever they are under eSolutions’ control (Information Classification Policy).

8. ACCEPTABLE USE OF INFORMATION AND ASSOCIATED ASSETS:

  • Permitted Purposes:
    • Information assets, including data, systems, and devices, must be used exclusively for activities related to the responsibilities assigned by the organization.
    • All use must align with the company’s established objectives and policies.
  • Prohibited Activities:
    • Disclosing confidential information without authorization.
    • Making unauthorized modifications or accesses to systems or data.
    • Using the organization’s technological resources for inappropriate or illegal personal activities, such as downloading unauthorized software or accessing prohibited content.
  • Return and Termination of Asset Use:
    • At the end of an employment or contractual relationship, users must return all assigned assets, including devices and credentials.
    • Corporate data stored on personal devices must be deleted under the supervision of the technology department.
  • Information Handling Procedures:
    • Information will be classified according to its criticality and confidentiality and must be handled according to the Information Classification Policy.
    • The “least privilege” principle will be applied, restricting access only to users necessary for fulfilling their functions.
  • Consequences for Non-Compliance: Misuse of information and assets will be subject to disciplinary measures, which may include:
    • Suspension of access to systems.
    • Employment or legal sanctions depending on the severity of the infraction.

9. RESPONSIBILITIES:

  • Staff Responsibilities:
    • Information and information technologies must be used only for service-related purposes authorized by supervisors, applying good usage criteria in their staff utilization.
    • Access keys to information and information technologies are individual, non-transferable, and solely the responsibility of their owner.
    • Personnel are obliged to promptly and adequately report any incidents that violate this policy according to the established incident handling procedures.
    • It is strictly prohibited for organization employees to disclose any client information, as well as any information classified as “Confidential.”
    • All personnel must sign a confidentiality agreement upon joining, granting the full legal framework of protection against disclosure and intellectual property of the information they access, process, and/or generate during their employment and after the termination of their contract.
  • Commitment of Project Managers and Team Leaders:
    • Each manager and leader is responsible for ensuring that the people under their control protect information in accordance with the standards established by the organization and defined by this policy.
  • Commitment of Management:
    • Management will ensure compliance with this policy and provide the necessary resources for its fulfillment.
    • Management will foster the existence of formal mechanisms and/or procedures that ensure business continuity in situations that prevent access to essential information for the organization’s operation and the services provided to clients.
    • Management will ensure that all staff receive sufficient security training consistent with their needs and roles.
    • Management will make this policy available to all personnel and/or interested parties.
  • Information Security Officer:

Coordinate the implementation and maintenance of a set of appropriate actions and measures to ensure that information and its supporting structure are protected from destruction, corruption, unauthorized access, and confidentiality breaches, both accidental and deliberate. Effective information security can only be achieved through consistent measures and actions, continuous monitoring, close cooperation, and awareness at all corporate levels. To this end, the following measures and actions are detailed:

    • Provide each information resource with appropriate protection by assigning a custodian responsible for classifying resources according to their criticality and maintaining their confidentiality and integrity (see Information Classification Policy).
    • Ensure that personnel are trained to support the organization’s security policies in the development of their regular tasks.
    • Establish physical controls to protect sites containing the company’s information assets, physical information supports, and equipment and facilities used in information processing.
    • Ensure the protection of supporting infrastructure and associated operational processes.
    • Maintain the security of information systems and ensure that development processes are documented to guarantee that projects and system support and testing activities are carried out securely.
    • Control access to information and the systems that support its handling; prevent unauthorized access and establish control mechanisms to detect unauthorized activities.
    • Ensure compliance with laws, statutes, standards, regulations, or contracts regarding Information Security and guarantee the compatibility of systems with the organization’s security policies, standards, and norms.

10. NON-COMPLIANCE:

Failure to comply with or violation of any aspects outlined in this policy and the supporting Security Policies may result in:

  • Limitation and/or elimination of users’ access to all or part of eSolutions’ organizational information.
  • Application of disciplinary sanctions.
  • Initiation of legal action in the civil or criminal sphere when the case justifies it.

Quality Policy

Apply the Mission, Vision, and Values in the activities of the Quality Management System (QMS) with the objective of delivering value to our clients within a framework of continuous improvement.
