Last Review: 20 November 2017
The Genomcore SL management (hereinafter, the “Company”), aware of the importance of information security management for the conduct of the business and for customer satisfaction, has decided to design and implement an Information Security Management System (ISMS) under ISO-27001:2013.
The Company recognizes the importance of identifying and protecting all its information assets by preventing the misplacement, leakage, modification and unauthorized use of information, and commits to implementing, keeping current and continuously improving the ISMS.
It is the responsibility of the Company’s management:
- To periodically establish objectives and actions for their development.
- To establish a systematic basis for risk analysis.
- To establish the actions to reduce the risks deemed unacceptable according to the criteria laid down by the Security Committee.
- To implement the necessary controls and monitoring methods.
- To commit to complying with applicable regulations, legislation, client requirements and contractual obligations concerning security, especially with regard to the management and privacy of our clients’ and partners’ personal and genetic data.
- To guarantee that each client’s information will be processed according to the confidentiality, integrity and availability requirements specific to a biomedical information management system.
- To promote information security awareness and training for in-house staff, as well as for external partners involved in the use or management of information systems.
- To provide the necessary resources to ensure the conduct of the Company’s business.
Information security is characterized by the preservation of:
- its availability, ensuring that authorized users have access, when necessary, to information and associated assets;
- its confidentiality, ensuring that only authorized users can access information;
- its integrity, ensuring that information remains unaltered and traceable.
The company’s security objectives are organized around the following work packages:
- Protection of knowledge, information and data;
- The security of information and communication technologies;
- Protection of buildings, facilities and rooms;
- Protection of the company’s assets;
- Protection of the conduct of the business;
- Compliance with legal and regulatory standards.
The Company’s management names the Security Officer as the person chiefly responsible for maintaining this policy and for providing guidance and a roadmap for its implementation.
This policy applies to all of the Company’s staff, as well as to the partners and providers working with it.
According to the Committee, this policy may be communicated to third parties, particularly customers and providers, with the purpose of involving them in the continuous improvement of the system.