INTRODUCTION
Hopla Software S.L. aims to protect its customers and business objectives by providing its employees, collaborators, suppliers, and clients with a secure working environment through appropriate security measures and operational processes.
The Information Security Policy of Hopla is focused on ensuring the protection of all information assets and the technology used for their processing against internal or external threats, whether deliberate or accidental. The goal is to guarantee their integrity, availability, and confidentiality, thereby supporting the efficient achievement of the organization's strategic objectives.
The company has an Information Security Management System driven by its Management, which follows the international standard for information security management, UNE-ISO/IEC 27001.
POLICY PRINCIPLES
The principles that must be respected and applied are:
- Promoting a culture across the organization focused on protecting information assets.
- Disseminating, consolidating, and complying with the policy.
- Implementing security measures effectively.
- Keeping policies, regulations, and processes updated to ensure their validity and effectiveness.
- Adherence to the principles of confidentiality, integrity, and availability.
- Commitment to the principle of continuous improvement.
Information security must be flexible, effective, and support the company’s business model:
- Access to information must be controlled and based on the individual’s role within the organization.
- Security measures must guarantee the requirements of confidentiality, integrity, and availability of information and services.
- Security measures must ensure the privacy of personal data in accordance with current legislation.
- Information security must align with the organization’s business structure, customer security requirements, applicable legislation, and industry best practices.
APPLICABILITY OF THE POLICY
This information security policy is mandatory within its scope of application. Employees, collaborators, subcontractors, and suppliers of the company must be aware of and comply with this policy in accordance with their role when dealing with company or customer information.
The security policy is based on the following principles, rules, and standards:
- ISO/IEC 27001:2013 standard.
- Legislation related to personal data privacy (LOPD, GDPR).
- Legislation related to information security as referred to in the Security Regulations.
When an area of non-compliance with this policy is detected, it will be subject to a risk analysis. This risk analysis considers the potential impact of a security breach resulting from non-compliance and the availability of controls that mitigate or compensate for the risk. The review is conducted by the company management, with deviations subject to their approval.
SCOPE OF USE OF THE POLICY
This policy establishes the minimum requirements to ensure the continuity of operations. Effective information security is a joint effort that requires the participation of all employees and collaborators who work with information assets.
The information security policy applies to all infrastructures and information assets, including:
- Personal devices, servers, data storage, and applications.
- Means of connection between external infrastructures and the company’s infrastructures.
- All information assets used by the company's internal services and clients.
- Any information owned by the company.
- Any processing or handling of information resulting from the business activity.
Compliance with the Information Security Policy must be monitored and audited by the company management.
The Management