SECURITY POLICY
LENER ASESORAMIENTO EMPRESARIAL’s management is aware that information is like any other relevant asset of the company, it has great value for our organization and it requires, therefore, adequate protection. In particular, assuring the compliance with the applicable regulations regarding the protection of personal data, is a fundamental factor in order to preserve the privacy of people. In the same way, protecting our client’s data and the services provided to them is a commitment made by LENER ASESORAMIENTO EMPRESARIAL regarding your experience with our services.
Given the great value data represents for our organization, LENER ASESORAMIENTO EMPRESARIAL’s management has decided to implement an Information Security Management System following the ISO 27001 rule, with the goal of protecting data from its threats, minimizing damages y assuring the continuity of business lines.
LENER ASESORAMIENTO EMPRESARIAL’s management through the elaboration and implementation of this Information Security Management System acquires the following commitments and principles:
- Developing services and products under the legislative and contractual requirements applicable to the business lines and related to information security and data protection.
- Defining and implementing the necessary technical and organizational measures in order to assure confidentiality, integrity and accessibility of information and personal data taking into account the organization’s framework and the possible threats to the information systems.
- Assigning the necessary responsibilities for an appropriate security management regarding information security and personal data protection, furthermore for an effective implementation of procedures and measures defined by the organization.
- Defining the requirements regarding security training and providing among personnel the necessary training on such matter to the involved parties, through the establishment of awareness plans.
- Assuring the continuity of our operations and of information itself by developing continuity plans under recognized methodologies.
- Assuring a legal processing of personal data, using the minimum information possible for the meeting specific and rightful goals for which they were obtained.
- Assuring the compliance of the right to information and transparency, as well as the possibility of exercising the rest of the rights reflected in the data protection legislation (Access, rectification, cancellation, opposition, portability and limitation of treatment).
- Establishing the procedures for notification, management and effective treatment of security incidents and, in particular, of those which can affect privacy and the protection of personal data.
- Assuring the implementation of the appropriate organizational, operational and security measures regarding the information systems, taking into account the applicable legal and contractual requirements; and the risk assessment results done by the company.
AThis Policy provides the necessary framework to continuous improvement of the Information Security Management System, as well as for establishing and revising the security goals. The policy will be communicated to all the organization and will be available to the general public.
This Policy is revised annually for its adequation, and extraordinarily in the event of special situations and/or substantial modifications in the Information Security Management System.
This Policy has been approved by LENER ASESORAMIENTO EMPRESARIAL management on April 10, 2025.