Information Security Policy.

1. Introduction
This document establishes the SINAPI LLC policy based on the ISO 27001 standard.
SINAPI LLC is a technology company dedicated to marketing and providing the following services:
– level 1, 2 and 3 technical support, specialized in localization and globalization of platforms, software and third party applications;
– development, evolutionary and corrective development of third party software;
– localization.
– Digital marketing.

SINAPI LLC is committed to ensuring the confidentiality, integrity and availability of information in all areas of the organization. To this end, it establishes an information security management system through a set of comprehensive measures and security controls for the protection of assets and sensitive data of the company and its customers, ensuring business continuity and preservation of information.

SINAPI LLC is committed to protect the assets and reputation of the organization, as well as to comply with relevant legal and regulatory requirements and its stakeholders in terms of information security.

2. Scope
The scope of the implementation of ISO 27001 in SINAPI LLC applies to all persons in the company and third parties with access to SINAPI LCC information, including information accessed from third parties. It involves all activities of the organization.
It applies to all information assets, whether in electronic, printed or any other medium.

3. Responsibilities
Executive management is responsible for ensuring that adequate resources are allocated to implement and maintain security measures. It is also responsible for ensuring that objectives and plans for the ISMS are established, and that these are reviewed at least annually.

The Information Security Officer (ISO) oversees the implementation of policies, procedures, and controls. As well as defining and designing controls in support of asset owners.

The area managers will be the owners of the assets and the risk thereof, as well as the definition and implementation of their controls with the support of the ISO.

All employees are responsible for adhering to this policy and contributing to information security and should therefore be aware of the information security risks within their daily activities in the company.

4. Development of the policy:

4.1 Information Control and Access Control.

Information classification levels are established to determine the levels of access and protection required to prevent unauthorized disclosure, modification, deletion or destruction of information stored on media.

Information Access and Control

Access permissions are assigned based on the principle of “least privilege”. Access delimitation includes not only the information but also the information processing facilities.
An identity and access management system is implemented to manage user authorization.
Controls are established to ensure security in teleworking and the use of mobile devices.

4.2 Cryptographic controls

SINAPI LLC ensures the appropriate and effective use of cryptography to protect the confidentiality, authenticity and/or integrity of information.

4.3 Physical and environmental protection

SINAPI LLC prevents unauthorized physical access, damage and interference to the organization’s information and information processing facilities.

4.4 Safety of operations

At SINAPI LCC:

❖ We ensure the correct and secure operation of information processing facilities.

❖ We ensure that information and information processing facilities are protected against malicious code and other technical vulnerabilities.

❖ We protect against data loss.

❖ We record events and generate evidence in our tracking system.

❖ We guarantee the integrity of systems in production.

4.5 Communications security

We guarantee the protection of the information in the networks and their supporting information processing facilities.

4.6 Systems acquisition, development and maintenance

We ensure that information security is an integral part of information systems throughout the entire life cycle and that the development of information systems is designed and implemented early with the active participation of the ISO in the projects.

4.7 Relationship with suppliers

We ensure the protection of the organization’s assets to which suppliers have access, maintaining an agreed level of information security and service delivery aligned with supplier agreements.

4.8. Secure Software Development

Secure development practices, such as code review, security testing, and vulnerability assessments, shall be followed.

Software components and libraries used shall be kept up to date.

4.9. Infrastructure Security

Critical systems are hosted in secure environments and updates are applied regularly.

4.10. Incident Response

An incident response plan is maintained that includes procedures for detecting, reporting, and mitigating security incidents.

Incidents are documented and post-incident analysis is performed to improve security.

4.11 Information security aspects of business continuity management

We consider information security continuity in SINAPI LCC’s business continuity management systems, ensuring the availability of information processing facilities.

4.12. Training and Awareness

Regular security training programs are conducted for employees and contractors to ensure that everyone understands their responsibilities and is aware of threats and best practices. This ensures that people performing work under the organization’s control understand their responsibilities and are suitable for the roles for which they are being considered.

Information security awareness is provided through awareness campaigns.

4.13. Legal and Regulatory Compliance

The company complies with applicable data protection and information security laws and regulations.
Procedures are in place to ensure compliance with relevant standards (ISO 27001 applicable).

5. Policy Review

This policy is reviewed at least annually to ensure its relevance and effectiveness in a constantly evolving environment.
Continuous improvement is a fundamental pillar to maintain and update the ISMS in accordance with changing security threats and requirements.

6. Related documents

The information security manual expands on the information contained in each point of this policy.

7. Approval and Disclosure

All employees, contractors and third parties must read, understand and accept this policy before interacting with SINAPI LCC systems and information.