NEW
Signup for the waitlist to be the first to try our new app for energy communities (spanish only)!
Join waitlist
We protect your personal information with the utmost care.
Information Security Policy
Version 1 - General Information 25/06/2023
Document Reference: ISO-27001 - Leadership
QUIXOTIC, aware that the security of information related to our clients is a highly valuable resource, has established an Information Security Management System (ISMS) in accordance with the requirements of ISO 27001. This system ensures the continuity of information systems, minimizes the risk of damage, and guarantees the achievement of established objectives.
The objective of the Information Security Policy is to establish the necessary framework to protect information resources against internal or external, deliberate or accidental threats, ensuring compliance with confidentiality, integrity, and availability of information.
The effectiveness and application of the Information Security Management System are directly the responsibility of the Information Security Committee. This committee is in charge of the approval, dissemination, and compliance with this Security Policy. On its behalf, a person responsible for the Information Security Management System has been appointed, holding sufficient authority to actively participate in the system’s implementation, development, and maintenance.
The Information Security Committee will develop and approve the risk analysis methodology used in the Information Security Management System.
All individuals whose activities may, directly or indirectly, be affected by the requirements of the Information Security Management System are obligated to strictly comply with the Security Policy.
At QUIXOTIC, all necessary measures will be implemented to comply with applicable regulations in general security and IT security, including IT policies, building and facility security, and the behavior of employees and third parties associated with QUIXOTIC in their use of IT systems. The measures necessary to ensure information security through the application of standards, procedures, and controls will guarantee the confidentiality, integrity, and availability of information, which are essential to:
- Comply with current legislation regarding information systems.
- Ensure the confidentiality of the data managed by QUIXOTIC.
- Guarantee the availability of information systems, both for services offered to clients and internal management.
- Ensure responsiveness to emergencies, restoring the functionality of critical services as quickly as possible.
- Prevent unauthorized alterations to information.
- Promote awareness and training in information security.
- Establish objectives and goals focused on evaluating performance in information security and on continuous improvement of activities regulated within the management system developed by this policy.
To achieve these principles, the Management of QUIXOTIC is committed to providing the resources necessary for the permanent identification and evaluation of risks to information and the systems that handle it, controlling and reducing those risks where possible, and continuously monitoring in other cases. Risk management is carried out through the development and implementation of security controls, standards, and procedures to apply the selected security measures.
This policy is implemented, kept up to date, reviewed annually, and communicated to all employees. It is also available to the public.
Signed
The Management
.svg)
