Information Security Policy

Purpose

The purpose of this policy is to establish guidelines and procedures to ensure the confidentiality, integrity, and availability of the company’s information assets.

Scope

This policy applies to all employees, contractors, consultants, and third-party users who have access to the company’s information assets, systems, and networks.

Policy Statements

3.1 Information Classification

All information assets shall be classified into appropriate categories (e.g., sensitive, confidential, internal use) based on their criticality, sensitivity, and regulatory requirements.

3.2 Access Control

Access to information assets shall be granted on a need-to-know basis. User access rights shall be reviewed regularly and promptly revoked upon termination of employment or contract.

3.3 Password Security

Users must follow password guidelines, including the use of strong passwords, regular password changes, and the prohibition of password sharing. Multi-factor authentication shall be implemented for critical systems.

3.4 Data Privacy

Personally identifiable information (PII) and other sensitive data shall be protected in accordance with applicable laws and regulations. Data collection, storage, and usage must comply with the company’s privacy policy.

3.5 Network Security

Network devices, including firewalls, routers, and switches, must be properly configured and regularly patched. Wireless networks shall be secured using strong encryption and appropriate authentication mechanisms.

3.6 Malware Protection

All endpoints must have up-to-date antivirus software installed, with regular scans and updates. Suspicious emails, attachments, or websites should be reported to the IT department.

3.7 Incident Reporting

All security incidents and breaches, including suspected or actual unauthorized access, data loss, or system compromise, must be reported immediately to the IT department.

3.8 Physical Security

Physical access to data centers, server rooms, and other sensitive areas must be restricted and controlled. Visitors should be accompanied and escorted as necessary.

3.9 Employee Awareness and Training

Regular information security awareness training shall be provided to employees to promote a security-conscious culture and ensure understanding of policies and procedures.

3.10 Policy Compliance

Non-compliance with this policy may result in disciplinary actions, including but not limited to verbal or written warnings, suspension, or termination of employment or contract.

Roles and Responsibilities

Management shall provide the necessary resources and support for the implementation of this policy.

The IT department shall be responsible for the technical implementation of security controls and incident response.

All employees, contractors, and third-party users are responsible for complying with this policy and reporting any security concerns or incidents.

Policy Review

This policy shall be reviewed annually or as necessary to ensure its effectiveness and compliance with legal and regulatory requirements.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Eco Fleet S.A.

Cedula Jurídica 3-101-874231

Edificio Meridiano, Piso Cuatro

San Rafael de Escazú, San Jose

Email: [email protected]