Information Systems
The Integrated Information Security Policy has been created in compliance with the ISO 27001:2013 standard and the requirements of Royal Decree 3/2010 of 8 January, which regulates the National Security System (ENS) in the area of e-government, and its subsequent modifications. Article 11 of the Royal Decree specifies that such a policy must be in place.
We depend on information and communication technology (ICT) systems to achieve our objectives. These systems must be protected against quickly developing threats that have a potential to impact the confidentiality, integrity, availability, planned use and value of the information and services.
To defend ourselves against these threats, we execute a strategy adapted to changes in the surrounding conditions, to guarantee the uninterrupted provision of our services. We therefore apply the security measures required by ISO 27001:2013 standard and the National Security System (ENS), depending on the risk and the categories into which the different systems are divided.
Our governing body is committed to leading the maintenance of the Information Security Management System (SGSI), as well as the provisions specified in Royal Decree 3/2010 of 8 January.