Integrated Management System Policy
SIA's mission is to provide IT solutions and digital signatures to its clients and to collaborate in their development. Its Management has developed and implemented an Integrated Management System (IMS), subject to a process of continuous improvement, in accordance with the requirements of the Information Security Management System (ISO/IEC 27001), the Environmental Management System (ISO/IEC 14001), the Quality Management System (ISO/IEC 9001), the Business Continuity Management System (ISO/IEC 22301), the IT Service Management System (ISO/IEC 20000) and the applicable legislation regulating the National Security Plan and the Protection of Personal Data, as well as the eIDAS regulations applicable to entities providing trusted services in the field of digital signature (Trusted Service Provider), such as SIACERT.
The present Policy is developed with the purpose of establishing a unique framework of action that allows for the alignment of each of the GIS areas and the commitment of the Management to provide the necessary resources for its implementation and continuous improvement.
The Management of SIA designates the Integrated Management System Committee as the highest authority in charge of reviewing, maintaining and disseminating it. The document "Roles, Responsibilities and Authority," defines the organizational framework, its structure, members, relevant roles, responsibilities and powers to ensure the conformity, adequacy and proper conduct of the GIS, in accordance with this Policy, as well as the procedure for its appointment and renewal.
This Policy shall be communicated, disseminated and followed by all staff of the Organization and other interested parties (clients, contractors, suppliers,...) who share services with SIA or process their information, being mandatory within their area of responsibility.
Non-compliance may lead to the initiation of the necessary disciplinary measures and, where appropriate, the corresponding legal responsibilities.
This policy is articulated and integrated into a set of standards, guidelines and procedures that address specific aspects. This documentation, as well as the rest of the documents that make up the IMS (procedures, records, reports, attestations and tests, programmes, etc.) are kept up to date with the latest approved versions by means of a document management system that uses the company intranet, accessible to all employees and stakeholders according to the classification used and the knowledge needs of the groups or individuals. Guidelines for structuring, managing and accessing this documentation are contained in the document "SGI Document Control and Management".
The Management of SIA assumes the following objectives as strategic commitments:
The Policy shall be in force from the date of its approval by the Management of SIA, the previous version being annulled, and will be reviewed annually.
SIA, an Indra Group company, is the Indra Group's specialized cybersecurity company. It offers technologically advanced solutions and innovative services, taking the concept of cybersecurity one step further.
Indra is one of the leading global technology and consulting companies: the technology partner for key operations of client businesses worldwide.
SIA, an Indra Group company, is the Indra Group's specialized cybersecurity company. It offers technologically advanced solutions and innovative services, taking the concept of cybersecurity one step further.
Indra is one of the leading global technology and consulting companies: the technology partner for key operations of client businesses worldwide.