Security Policy

Objective

CLOUDFRAMEWORK's fundamental objective is to inform employees, clients, suppliers and stakeholders about the requirements for protecting information, equipment and technology services that support business processes, with measures applicable wherever information is stored or transmitted.

The objective of this High-Level Policy is to define the principles, basic standards and procedures for Information Security Management, ensuring its security and assessing and minimising associated risks.

Quality and Excellence Guarantee

CloudFramework has implemented an Information Security Management System in accordance with UNE-ISO/IEC 27001, approved on 31 July 2023, with the aim of ensuring the availability, confidentiality and integrity of information of clients, suppliers and employees.

Fundamental Security Principles

CloudFramework's security policy is based on three fundamental pillars:

  • Confidentiality: Restricting access to information only to authorised persons, under the "need to know" principle, preventing the loss or involuntary disclosure of data.
  • Integrity: Guaranteeing that information and processes are accurate and complete, avoiding unauthorised or accidental modifications.
  • Availability: Guaranteeing that authorised users can access information and assets when they need them, through business continuity and disaster recovery plans.

Security Strategy

CloudFramework's security strategy includes the following components:

  • Security Governance: An Information Security Officer (CISO — Chief Information Security Officer) coordinates the strategy, objectives and planning of information security.
  • Regulatory Framework: Mandatory compliance with the Information Security Policy, which establishes the fundamental principles approved on 31 July 2023.
  • Awareness and Training: Ongoing awareness programmes so that all staff understand their security responsibilities.
  • Monitoring Processes: Internal oversight, network monitoring and vulnerability audits to verify compliance.

Contact

To request a copy of the policy or for any enquiry related to information security, you can contact us at: gdprsec@cloudframework.io