DECLARATION OF INTENT

“Information related to our customers is, by principle and essence, the business objective of intermediation between companies in different sectors, offering solutions that cover the whole spectrum of supplier management, procurement processes, contracting and decision making.

The trust and confidence that our customers have already placed in us is underpinned by adherence to fundamental information security principles and strict compliance with policies, standards and procedures that ensure systematic, adequate, effective and continuous security.”

José Luis Ramiro Oter

Director CONSTRURED, Construcciones y transacciones informáticas en la red, S.L.

ORGANIZATIONAL PRINCIPLES WITH REGARD TO SECURITY

Awareness raising: Employees and contractors should be made aware of the need for secure information systems and networks, and what they can do to promote and strengthen security.

Responsibility: All employees are responsible for the security of information systems and networks.

Response: Employees will act in a timely and cooperative manner to prevent, detect and respond to security incidents.

Ethics: Employees will respect the legitimate interests of others, and will follow Construred’s code of ethics.

Democracy: The security of information systems and networks must be compatible with the essential values of a democratic society.

Risk assessment: Employees must carry out risk assessments in their functional areas.

Security design and implementation: Information security will be managed as an essential element of information systems and networks.

Management: Employees should take a holistic view of security management.

Assessment: The security of information systems and networks shall be reviewed and reassessed, and appropriate modifications to security policies, practices, measures and procedures shall be implemented.

SECURITY GUIDELINES

GENERAL SECURITY OBJECTIVES

Likewise, based on the typology of the information assets considered most critical for the business process, these criteria must be taken into account for the management of countermeasures and related security actions: