Security of Information
Vortal’s management has made this the top policy in its Information Security Management System, its goal being to "maintain constant security of customer information in transaction systems".
Vortal guarantees its customers, shareholders, employees and society at large a commitment to incorporate adequate principles into its business activities to meet applicable legal and regulatory requirements, by identifying business management, technical and human controls to protect, over time, the information assets under its care on its electronic contracting platforms.
These principles are based on upholding the following goals over time:
-
Ensuring the confidentiality and integrity of customer and Vortal data processed on its electronic contracting platforms;
-
Ensuring the availability of these platforms’ resources and of customer and Vortal data processed on its electronic contracting platforms;
-
Establishing, reviewing on a regular basis, complying with and ensuring compliance with, over time, all security guidelines adopted by Vortal’s management, including this policy and its associated information security procedures;
-
Performing regular and effective risk analyses to identify and forestall potential threats to the platforms, establishing risk levels and implementing appropriate controls, as described in the "Statement of Applicability";
-
Developing regulations, operating procedures and records, rules for controlling physical access and logical access to applications, systems and networks ensuring strict interpretation, consistent with the security policy and risk analysis results;
-
Promoting regular training and awareness activities on the topic of information security for its employees, suppliers and partners to ensure that they are all aware of their obligations, responsibilities and applicable security policies, regulations and procedures, and are duly prepared to effectively perform their role in protecting the information with which they interact in their daily activities;
-
Ensuring the monitoring and application of registry and security incident response procedures;
-
Ensuring business continuity by implementing the necessary controls to efficiently respond to adverse events occurring on the electronic contracting platforms;
-
Conducting regular audits to verify compliance with this security policy, its regulations and procedures, and legal and regulatory requirements;
-
Properly penalising those failing to comply with this policy and its specific provisions;
-
Reviewing this Information Security Policy on an annual basis to ensure its ongoing suitability and effectiveness.
The responsibility for managing the activities needed to achieve these goals has been delegated to Vortal’s Security Committee.
This policy will apply to all of Vortal for the protection of customer and Vortal data found in any electronic contracting platform environment, or in any other environment during its life cycle (creation, use, archiving and disposal) where such data is under its direct responsibility.
Vortal’s management undertakes to provide the necessary resources to achieve the above goals.
