Human Level Communications,S.L.U has as one of its objectives to try to safeguard the security of information, whether personal or not, and for this purpose establishes a system of information security in order to ensure the reduction of risks associated with it and cybersecurity, that the information is accessible only by those users who have a legitimate need to perform their functions, that it is protected, available and used for the purposes for which it was obtained. To this end, Human Level Communications,S.L.U. defines the following strategic objectives:
- Minimize the risks of loss of confidentiality, integrity and availability of the information received, generated, processed and stored by Human Level Communications,S.L.U.
- Support the areas of the company in securing the information assets that support business operations and information with personal data.
- Raise employee awareness of information security in the performance of their duties.
- Maintain an Information Security and Cybersecurity program that supports the organization’s strategic objectives and new business projects.
- Compliance with legal requirements, commitments acquired with customers and suppliers and all other regulations, internal standards or guidelines to which the company is subject.
- Continuously improve the Information Security system.
- Promote information security awareness and training.
- Ensure the capacity to respond to emergency situations, restoring the operation of critical services in the shortest possible time.
The Information Security Policy concerns all users and applies to all information created, processed or used by Human Level Communications, S.L.U., regardless of the medium, format, presentation or place where it is located. All security measures adopted are aimed at protecting the information and the information systems that support it, including applications, operating system resources, telecommunications networks and media, and computer equipment, whether managed by Human Level Communications, S.L.U. or by those companies or personnel expressly authorized for this purpose, such as those who have signed a service or data processing contract with Human Level Communications, S.L.U. or legally authorized assignees. The Information Security and Cybersecurity Policy is focused on trying to ensure the following three main scenarios:
- Confidentiality compliance, which implies that critical, sensitive, private or personal information managed by the organization is not stolen or accessed by unauthorized persons.
- Minimize the impact on availability, where the services provided by the organization are inaccessible or unusable.
- Ensure the integrity of information systems, avoiding the corruption of data or systems of the organization that affect the accuracy or integrity of information and processing, and that could also affect the availability of services.
The Information Security Policy will be developed by means of security regulations that address specific aspects and will be reviewed at least once a year and whenever there are relevant changes in the organization, in order to ensure that it is in line with the strategy and needs of the organization itself. This policy is applied in all Human Level Communications,S.L.U. work centers, and is implemented in an Information Security framework in accordance with ISO 27001:2022.