NEOVANTAS CONSULTING, S.L., an international consulting firm that accelerates business growth through the use of advanced analytics and the application of behavioral economics, has implemented an Information Security Management System (ISMS) based on the requirements of ISO 27001:2022. Its aim is to ensure that all information technology assets and resources are used and managed in a manner that protects their confidentiality, integrity, and availability. The system is designed to ensure business continuity, minimize damage, maximize return on investment and business opportunities, and promote continuous improvement.
The management of NEOVANTAS CONSULTING, S.L., through the development and implementation of this Information Security Management System, makes the following commitments:
- Develop solutions and services in accordance with legislative requirements, identifying the legislation applicable to the business lines developed by the organization and included in the scope of the ISMS.
- Establish and comply with contractual requirements with interested parties.
- Build and maintain the trust of customers, employees, and regulators.
- Provide information security training and awareness programs for all employees and other stakeholders.
- Prevent and detect any viruses and other malicious software by developing specific policies and establishing contractual agreements with specialized organizations.
- Conduct information security risk assessments to identify and implement controls to mitigate the impact of identified risks.
- Develop and maintain business continuity and disaster recovery plans.
- Establish the consequences of security policy violations, which will be reflected in contracts signed with stakeholders, suppliers, and subcontractors.
- Promote a culture of continuous improvement in information security management and implement improvements based on incident analysis, audits, and periodic reviews.
- Act at all times in accordance with the strictest professional ethics.
- Ensure that access to and use of information systems is carried out securely and in accordance with established policies.
- Maintain the brand’s reputation with regard to data security.
- Properly manage the information lifecycle so that misuse can be prevented during any phase.
- The organization’s staff will participate in the management of incidents related to information security services and management, with the aim of restoring normal service levels as quickly as possible and minimizing the adverse impact of such incidents on the organization.
- Ensure the protection of intellectual property rights.
- Periodically establish a set of objectives and indicators that allow management to adequately monitor the levels of service offered and management activities.
- Management is committed to providing the necessary resources to maintain and improve the Information Security Management System (ISMS).
Signed: President
JOSÉ LUIS CORTINA MUGURUZA