INFORMATION SECURITY POLICY STATEMENT
DENODO is aware of the potentially sensitive nature of the information that it manages. We understand that it is necessary to comply with any applicable legislation related to information security and additionally seek to apply protective measures beyond those minimum requirements in order to ensure the confidentiality, availability and integrity of the information we may have access to.
This information security policy and its embodiment through Denodo's information security management system, together with the work of the designated managers, are the pillars of the management of corporate information security at Denodo.
The DENODO information security management philosophy endeavors to ensure Denodo's ability to:
- Define, develop and implement the necessary controls to ensure, in an effective and quantifiable way, the confidentiality, availability and integrity of the information.
- Satisfy the legal and business requirements in relation to information security and information systems.
- Provide the necessary resources for the management system and the fulfillment of the goals established in connection with the security of information and information systems.
- Implement and integrate information security as a process of continuous improvement, inherent in the entity itself and its services.
- Establish and maintain rules, policies and procedures to meet the current policy.
- Teach, educate and raise awareness among all of Denodo's employees and external collaborators by promoting a "culture of information security" that encourages the assumption of responsibility in all personnel.
- Implement, maintain, monitor and improve the information security management system.
- Ensure that information is protected from unauthorized access.
- Ensure that information breach incidents are reported and handled appropriately.
- Provide an organizational framework for the information security management process o with clear assignment of roles and responsibilities.
- Implement a process for analysis and management of security risks associated with information, including identifying and evaluating the appropriate treatment of any information received.
The information security officer in charge will be responsible for maintaining this policy, the information security procedures and providing support in its implementation.
The managers of each business area will be responsible for implementing this policy and its corresponding procedures within their area.
Each employee is responsible for observing this policy and its procedures as applicable to their workplace.