Certifications

INAZ, as part of Corporate Policy and through the commitment and active involvement of all corporate components, is committed to pursuing Information Security and Privacy and in particular to:

• define the methods necessary to ensure that this policy is understood and applied at all levels of the company;
• periodically measure and verify the effectiveness of the ISMS&P;
• preserve the information assets of INAZ and its customers by ensuring adequate levels of security in the handling of information as part of business processes;
• improve the ability to respond to cyberattacks through the Security Operation Center, proactive investigation tools and escalation procedures;
• increase security levels and compliance with privacy regulations by also involving third parties, customers and suppliers;
• ensure that the processing of personal data is carried out in accordance with the principles of privacy by design and privacy by default;
• ensure adequate levels of availability and security of the public cloud with particular reference to data protection and data breach prevention by considering all applicable regulations;
• promote continuous learning on risk identification and management through experiences gained on incidents;

In order to achieve the objective related to Information Security and Privacy we aim to know, through appropriate tools and procedures, the value of information and the means used for its processing and disclosure, the threats to which it is exposed and its vulnerability, and to bring the risks down to a threshold of acceptability through the design, implementation and formalization of an “Information Security and Privacy Management System” that meets the legal requirements and complies with ISO/IEC 27001 and ISO/IEC 27018, 27017, 27035 and 27701 guidelines.