Information Security Policy
LATEST MODIFICATION: 02-10-2023
OTS’s management undertakes its duty to position Information Security as an essential element for its employees, clients and third parties involved in online sales, and therefore supports the following objectives and principles:
- To promote and stress the value of Information Security throughout the organisation.
- To contribute to the involvement of each person in OTS to the protection of Information Security.
- To preserve the confidentiality, integrity and availability of information, with the aim of ensuring that legal, regulatory and applicant requirements relating to Information Security are met.
- Protect OTS information assets from all threats, whether internal or external, deliberate or accidental, in order to ensure the continuity of service to Clients and protect customer related information.
- Establish an Information Security plan that integrates the activities of prevention and minimisation of the risk of security incidents based on the risk management criteria established by OTS.
- Provide the necessary means to be able to carry out the relevant actions for the management of the risks identified.
- Define as a security management framework the commitment to continuous improvement using as a reference the ISO 27001 standard to establish the Information Security Management System and the ISO 27002 standard as a set of good practices for information security management.
- Take responsibility for Information Security awareness and training as a means of ensuring compliance with this policy.
- Extend our commitment to Information Security to Clients.