Information Security Policy

ZELSIOR is a company providing Information Society Services and Electronic Commerce.

Our Information Security System covers the services of purchase and judicial management of national and international financial assets, judicial document management, and legal representation.

Our commitment goes beyond legal compliance. We aim to guarantee the security of the information we manage and continuously improve our processes, offering a high-quality, close service with the agility and flexibility required by our clients. To achieve this, we have implemented the ISO 27001:2013 Information Security Management System, which ensures the security of your data.

The General Management approves this policy, providing the framework to establish and review objectives that enable continuous improvement, aligned with its activity and the following general principles:

  • Provide a service that meets legal and regulatory requirements, as well as other needs and expectations of clients and other interested parties, based on context analysis, risks, and opportunities.
  • Establish ongoing training and awareness programs that allow having personnel with a high level of competence to perform their activities in quality management and the information security they process, maintaining confidentiality, availability, integrity, and traceability; and improve process performance.
  • Involve, motivate, and commit personnel to achieve their participation in the development and implementation of the information security management system.
  • Maintain and continuously collaborate with clients and professionals to improve the service from the perspective of quality and information security.
  • To ensure the success of this policy and the implemented system, Management will provide the necessary human, technical, and operational resources for its correct operation and periodic maintenance.

 

Scope and Field of Application

These provisions apply to all IFR areas and departments; their resources and business processes, whether internal or external, linked to the entity through contracts or agreements with third parties.

 

Regulatory Framework

The following legislation is referenced, without being exhaustive:

  • Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights.
  • Law 34/2002, of July 11, on Information Society Services and Electronic Commerce.
  • Law 32/2003, of November 3, General Telecommunications Law
  • Law 59/2003, of December 19, on Electronic Signature.
  • Law 25/2007, of October 18, on Retention of Data Related to Electronic Communications and Public Communication Networks.
  • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Empiece a escribir