Security Policy
EveVideo, aware that the security of customer information is a critical resource, has established an Information Security Management System to ensure the continuity of information systems, minimise the risk of damage, ensure compliance with the objectives set, and maintain the security and privacy of personal data.
The goal of the Integrated Policy is to establish the necessary framework for action to protect information resources from threats, whether internal or external, deliberate or unintentional, in order to ensure compliance with information confidentiality, integrity, and availability.
The Information Security Committee, which is responsible for the approval, dissemination, and compliance with this Security Policy, is directly responsible for the effectiveness and application of the integrated Management System of the three regulations. An Information Security Manager has been appointed in its name and on its behalf, with sufficient authority to play an active role in the Information Security Management System, supervising its implementation, development, and maintenance.The Information Security Committee shall develop and approve the risk analysis methodology used in the Information Security Management System.
Anyone whose activity may be affected, directly or indirectly, by the requirements of the Information Security Management System is required to strictly adhere to the Security Policy.
EveVideo will take all necessary steps to comply with the applicable regulations on security in general and IT security, including IT policy, building and facility security, and the behaviour of EveVideo employees and third parties when using IT systems. The measures required to ensure information security through the application of rules, procedures, and controls must ensure the confidentiality, integrity, and availability of information, which is critical for:
Comply with current information-systems legislation.
Ensure the data managed by EveVideo is kept private.
Ensure that the information security requirements applicable to the cloud service's design and implementation are met.
Reduce the risks associated with authorised insider information.
Customers must be kept separate from multi-tenancy and cloud services (including virtualization).
Ensure the safety and confidentiality of the client's assets.
Put in place access control procedures.
Manage the information in the cloud correctly throughout the lifecycle of customer accounts.
To aid investigations and forensic analysis, communicate security breaches to all parties involved and establish guidelines for information sharing.
Ensure the availability of information systems, both in customer services and in internal management.
Ensure the ability to respond to emergency situations by restoring critical services as soon as possible.
Avoid making unauthorised changes to the data.
Increase information security awareness and training.
Policy on security.
Establish objectives and goals centred on evaluating performance in terms of information security, as well as continuous improvement in our activities, as governed by the Management System that creates this policy.