This document includes the Information Security Policy of Wise Security Global, (hereinafter WSG), understood as the basic action and organizational principles of WSG in connection with Information Security, also known as Cybersecurity.
The rest of WSG Information Security documents will be aligned with the guidelines contained in this Policy.
The purpose of this Information Security Policy is to establish a regulatory framework in WSG that allows identifying, developing, and implementing necessary technical and organizational measures to guarantee the security and protection of both information, privacy of the people included, and information systems that support the activity of WSG.
This document will be disclosed in the SharePoint space WISE-CYBERSEC-PUBLIC and communicated to all interested subjects, especially internal staff who manage WSG’s information assets.
If Management considers so, this document may be published on the WSG website (https://wsg127.com) to make it accessible to external stakeholders.
WSG protects resources involved in information management assignments related to its standard development functions, fulfilling with current legislation, preserving confidentiality and privacy of information, and ensuring availability, access, integrity, quality, traceability, authenticity, and conservation. These objectives are also applied to the information systems used for the continuity of its activity.
It is WSG’s will to win trust in electronic means usage and the continuous provision of its services, adopting the necessary measures aimed at protecting the information systems of the organization from those threats they are exposed, to guarantee information systems security, minimize risks and thus consolidate basis for preventing, detecting, reacting, and recovering from possible incidents that may happen.
This Information Security Policy applies throughout the scope of WSG, which means:
Objectives to be achieved are:
In accordance with these objectives, this Information Security Policy seeks the adoption of security premises while it guarantees:
This Information Security Policy and documentation related are aligned with current legal scope of regulations that are applicable to WSG. Scope can go as far as: Privacy and Data Protection, Commercial Communications, Advertising, Marketing, Cookies, Intellectual Property, etc… or territorial (National regulations, EU regulations, etc.).
WSG Management expresses its commitment to guarantee, within its scope of functions and responsibilities, the provision of necessary resources for the purpose of implementing and maintaining the processes related to the security of WSG’s information and their continual improvement. All this, to achieve the strategic objectives, dissemination, consolidation and compliance with this Information Security Policy, as well as implementing the appropriate distribution and publication mechanisms to make it accessible to right users.
WSG Cybersecurity Service mission lies in monitoring and ensuring the protection of Wise Security Global’s Information and IT, customer information and stakeholders’ interests. This protection will be carried out against any potential internal and/or external threat or aggression, mainly of a cyberattack type, adopting the corresponding preventive and reactive measures and according to the available budget. This promotes a sturdy culture of cybersecurity and development and application of a specific regulatory framework in this area.
Any user affected by this Policy shall have the obligation to:
Information Security’s responsibility falls on the person to whom the functions of Cybersecurity are assigned.
Information Security coordination will be executed by CYBERSEC and the Cybersecurity Committee, which oversees the implementation of this Security Policy and those security regulations, procedures and instructions established before.
Regarding the breach of the Information Security Policy of WSG and the rest of the documents related to information security, by anyone to whom they are applicable and puts at risk the security of information in any of its dimensions, the Management of WSG saves the right to initiate proper actions according to the codes and internal regulations of behavior and the current legal framework.
For more information about WSG roles and responsibilities, refer to Organización de la Seguridad de la Información.
WSG has a Cybersecurity Committee in charge of aligning all the cybersecurity activities of the organization, highlighting physical and wealth security (facilities security), information security, compliance (security and legal compliance) and contingency plannings.
For more information about operation and structure of the Committee, refer to Organización de la Seguridad de la Información.
This Policy will be assessed periodically (at least annually) through self-assessments coordinated by the Cybersecurity Committee and through internal or external audits (at least biennial), and whenever there are substantial changes in WSG’s information systems.
This Policy is approved during the Management Review, denoted in the ISMS.
The Information Security Policy is formally approved by the WSG Cybersecurity Committee, which will reflect it in the proper minutes, and will be in force until it is replaced by a new version. Likewise, it will be assessed annually and whenever there are significant changes that require it, to adapt it to new circumstances, whether they are technical and / or organizational, avoiding its obsolescence.
To achieve these purposes, suitability, timeliness, and accuracy it will be regularly reviewed. The modifications that may arise will be proposed by the Cybersecurity Committee for validation.
Last update: September 2022 (Version 2.1)