Security Policy

Information Security Management System Policy

Nodus, aware that the security of information related to our customers is a valuable resource, has established an Information Security Management System in accordance with the requirements of ISO/IEC 27001:2013 to ensure the continuity of information systems and their continuous improvement, minimize damage risks and ensure the achievement of set objectives.

The objective of the Security Policy is to establish the framework for action necessary to protect information resources against threats, internal or external, deliberate or accidental, in order to ensure compliance with the confidentiality, integrity and availability of information.

The effectiveness and application of the Information Security Management System is the direct responsibility of the Information Security Committee, which is responsible for the approval, dissemination and compliance with this Security Policy. In its name and representation, a Responsible for the Information Security Management System has been appointed, who has the sufficient authority to play an active role in the Information Security Management System, supervising its implementation, development and maintenance.

The Information Security Committee will proceed to develop and approve the risk analysis methodology used in the Information Security Management System. Any person whose activity may, directly or indirectly, be affected by the requirements of the Information Security Management System, is obliged to strictly comply with the Security Policy.

In Nodus, all necessary measures will be implemented to comply with the applicable regulations in matters of security in general and computer security, related to computer policy, building and facility security and the behavior of employees and third parties associated with Nodus in the use of computer systems. The necessary measures to ensure information security by applying norms, procedures and controls must allow to ensure the confidentiality, integrity, availability of information, essential to:
  • Comply with the current legislation on information systems.
  • Ensure the confidentiality of the data managed by Nodus.
  • Ensure the availability of information systems, both in the services offered to customers and in internal management.
  • Ensure the ability to respond to emergency situations, restoring the operation of critical services as soon as possible.
  • Avoid improper changes in the information.
  • Promote awareness and training in information security.