Version 1: 12/08/2022
HEALTHINN ISO 27001
Reference document ISO-27001 – security policy
HEALTHINN’s Security Policy reflects the security concepts, principles, responsibilities and objectives whose results enable the company to guarantee the necessary freedom of action.
The objective of HEALTHINN’s Integral Security is to protect all people (users, professionals and employees), the confidentiality of their communications and the integrity of their information. It also safeguards the other assets that make up the company’s property, such as its facilities and contents of all kinds.
Comprehensive security comprises the traditional concepts of physical security and logical (technological) security in order to maintain business continuity in the face of any adverse circumstances.
An increased “security culture” among staff will provide clear benefits by increasing the security of systems and procedures, and will minimise the risk of potential malicious actions. It is essential that all information concerning security issues flows through the appropriate channels, both horizontally and vertically, within the organisational unit.
● Integration. Global Security is an integrated process aligned with the business, involving the whole company.
● Cost-effectiveness. Security is guided by business criteria, taking into account the relationship between expenditure and investment. Its criteria are set centrally, taking advantage of any existing synergies. This management allows a better return on the effort applied to security.
● Continuity. Security must be present throughout its work cycle: protection, prevention, detection, response and recovery.
● Adequacy. The means employed must be adapted to the business environment. Among other factors, competition with other companies, social, political and economic upheavals, amateur or professional hacking, etc., stand out for their impact on the activity and on the organisation’s security levels.
The ultimate responsibility for security lies with the management team, which is directly responsible for managing its development and implementation.
The management team shall analyse security risks and vulnerabilities that may affect the smooth functioning of the activity and propose appropriate rules, means and measures to minimise them.
All organisation staff must take responsibility for maintaining the security of the assets in their charge, observing the security standards implemented by the management team.
● Achieve and maintain the security level required to adequately ensure business continuity, even in adverse situations.
● Increase the integration and mutual support of the physical and logical aspects of security.
● Collaborate in the management of other safety disciplines, including labour and environmental aspects, taking into account the criteria that promote Corporate Social Responsibility.
● Establish the corporate security structure defined by the organisation’s decision-making bodies and create appropriate communication channels between all those involved.
● Comply with official safety regulations and other requirements.
● Establish and implement Safety Training and Dissemination Plans to improve staff training.
● Express commitment to continuous improvement.
● Integrate the different company departments into a security management system that, under common criteria, takes advantage of synergies and achieves consistency in resources and actions.
● All HEALTHINN personnel shall be familiar with and apply the regulations implementing this Security Policy.