Information Security Policy

Viafirma has implemented an information security management system based on ISO/IEC 27001/2013 international standard.

This system makes it possible to identify and minimize the current risks to which the information is exposed, helping to reduce operating costs, setting a security culture and ensuring compliance with both legal and contractual standards and regulations in the company.

Viafirma is certified as a Qualified Trust Service Provider, offering a qualified TimeStamp Service (TSA – TimeStamp Authority). Both documents ”Viafirma_CP_Certificados_TSU” and ”Viafirma_TSA_CPS” include the policies and statement of practice of the TimeStamping service, with the purpose of issuing qualified electronic timestamps, as well as the most relevant aspects and procedures defined for the service management.

Viafirma wants to assure the information in both internal and third party servers that provide services to these applications.

Viafirma has established the following Information Security Policies:

1- There is an Information Security Committee, responsible for the maintenance, revision and improvement of the Information Security Management System.

2- Viafirma’s information assets are identified and classified to establish the required protection mechanisms.

3- Viafirma has defined and implemented controls to protect the information against authenticity breaches, non-authorized accesses, loss of integrity and securing its availability required by both the clients and users of the services offered by the Organization.

4- Viafirma has established some security objectives of the SGSI, defined in the PE-18-00_Security Objectives.

5- Everyone in the organization is responsible for protecting the information they access and process from loss, alteration, destruction or misuse.

6- Periodic audits and controls are carried out on the Information Security management model as well as its objectives.

7- It is the responsibility of all Viafirma’s people to inform about any security incidents, suspicious events and the misuse of the resources they may identify.

8- Viafirma has a Business Continuity Plan to ensure the continuity of the operations.

Besides, Viafirma has developed specific policies that support the corporate policy:

  • Teleworking policy.
  • Mobile device policy.
  • Workplace policy.
  • Access control policy.
  • Password management policy.
  • Backup and security copies policy.
  • Secure destruction of information storage elements policy.
  • Cryptographic controls policy.
  • Secure development policy.
  • Trusted Service Provider Policy.
  • Time Stamping Policy.

Any updates to the security policy will be updated on this page, where the different versions can be downloaded.

September 2019 version (link to PDF)