Information Security Policy

(v1.1 – 25-09-2024)

Commitments and Principles of Information Security

  • Ensure the existence of mechanisms that guarantee, to a reasonable extent, the confidentiality, integrity, availability, authenticity, non-repudiation, privacy, and ownership of the Information;
  • Ensure continuous risk management to assess the risk exposure of information systems and develop mitigation and remediation plans;
  • Comply with applicable laws, regulations, and contractual requirements regarding the use and security of information systems;
  • Clearly define information security responsibilities, ensuring that everyone understands their specific roles. Those with authority must ensure and demonstrate compliance with the Information Security Policy through verifiable evidence and documentation;
  • Promote continuous improvement of information security processes and controls, using applicable regulations, standards, and best practices as a guiding reference;
  • Ensure the existence of mechanisms to protect the physical, logical, and intellectual assets of information systems and the information they contain against internal and external threats;
  • Promote training and awareness among the various stakeholders in the management system to increase involvement, commitment, and compliance with the system;
  • Ensure that mechanisms are in place for the communication of security events by system stakeholders and procedures for their detection, analysis, response, and resolution;
  • Ensure that access control mechanisms are in place to guarantee that access to information is designed according to the principle of minimum access;
  • Ensure that secure development mechanisms are in place to integrate good security practices into all phases of the information systems life cycle;
  • Ensure that business continuity plans are in place to maintain continuous operation and effective recovery after security incidents;
  • Regularly review and update the information security policy to reflect changes in business, technology, and environments;
  • Continuously maintain the quality of our products and transparency in our relationship with stakeholders;
  • Engage, raise awareness, inform, and promote effective collaboration and communication among different stakeholders on information security issues to ensure that they maintain security standards compatible with those of Redshift.