Information Security Policy
1. Introduction
This Information Security Policy establishes the principles and guidelines governing the protection of infraone's information assets, ensuring confidentiality, integrity, availability, and regulatory compliance in the use of information, including the management and security of the website. infraone is committed to applying the highest standards in cybersecurity and data protection for clients, employees, and third parties, ensuring compliance with current regulations and aligning with international standards such as ISO 27001 and ISO 9001.
2. Distribution
This document is available on infraone's corporate intranet and is accessible to all employees and collaborators who need to consult it. Furthermore, infraone's management will ensure its dissemination to all relevant stakeholders, particularly those responsible for managing information assets.
3. Objective
The purpose of this policy is to establish a regulatory framework in infraone that allows:
- Implementing necessary technical and organizational measures to ensure information security.
- Protecting the privacy of personal and corporate data.
- Ensuring the availability, integrity, and confidentiality of information managed in infraone's website and systems.
- Preventing, detecting, and responding to security incidents.
- Promoting a cybersecurity culture within the organization.
4. Scope
This policy applies to:
- All resources, services, and processes related to information management on infraone's website.
- All information systems that support the company's digital activities.
- All internal and external users accessing or managing website information.
5. Security Principles
infraone adopts the following guidelines to ensure information security:
5.1. Confidentiality
- Information will only be accessible to authorized personnel according to their roles and operational needs.
- Access controls and encryption will be applied to data transmission and storage.
5.2. Integrity
- Protection measures will be implemented against unauthorized modifications of information.
- Regular security audits and reviews will be conducted.
5.3. Availability
- Business continuity will be ensured through contingency and incident recovery plans.
- Systems will be monitored to prevent service interruptions.
5.4. Authenticity and Traceability
- Robust authentication mechanisms will be employed to validate user identity.
- Critical events in systems will be logged to ensure action traceability.
6. Regulatory Compliance
infraone commits to complying with applicable regulations on information security, including:
- General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679.
- Organic Law 3/2018 on Personal Data Protection and Digital Rights.
- Law 34/2002 on Information Society Services and Electronic Commerce (LSSI-CE).
- National Security Scheme (ENS) - Royal Decree 311/2022.
- ISO/IEC 27001 - Information Security Management System.
- Other applicable regulations depending on infraone's sector and business scope.
7. Responsibilities
7.1. infraone Management
- Ensures the application of this policy and allocates the necessary resources for its compliance.
- Supervises the effectiveness of implemented security controls.
7.2. Security and IT Team
- Implements information protection measures.
- Monitors and manages security incidents.
- Conducts compliance audits and pursues continuous improvement.
7.3. Employees and Collaborators
- Comply with the guidelines set out in this policy.
- Report any detected incidents or anomalies.
- Apply good practices in information management.
8. Review and Update
This policy will be reviewed and updated annually or whenever significant changes occur in regulations, technological infrastructure, or infraone's security strategy.