ROOX Management has established its Information Security Policy, based on the following principles:
- Integrate Information Security into the organisation's business processes and objectives to ensure customer satisfaction and confidence;
- Ensure that information protection complies with the organisation's internal policies regarding information, as well as with the laws, regulations, internal requirements of the organisation, clients and others external to the organisation;
- Ensure the protection and classification of information and its supporting assets with regard to confidentiality, integrity and availability, taking into account its criticality for the organisation and other interested parties;
- Ensure the right to privacy of all individuals, through the protection of personal data of customers, employees and other data subjects;
- Ensure the development, implementation and periodic reassessment of policies and processes, including security and privacy measures, in order to address internal and external threats;
- Ensure the management of information security incidents, through the prevention, detection, recording, reporting, handling and investigation of these and other vulnerabilities that may jeopardise information security, the protection of individuals' personal data or interrupt business continuity;
- Promote the awareness and training of its staff in Information Security, in order to ensure their participation and commitment;
- Periodically evaluate and monitor security risks, in order to identify dangers, evaluate risks and take the appropriate actions for their control and mitigation;
- Develop within the organisation a collective and transversal commitment to comply with all applicable requirements and to continuously improve information security.