Information Security Policy

FREMAP undertakes, in accordance with its mission and values, to maintain and improve information security and the continuity of its activity as a mutual society, within the legislative framework in force.

The FREMAP Information Security Policy is aimed at ensuring the protection of all information assets and the technology used to process these, from internal and external threats, deliberate or accidental, in order to ensure their integrity, availability and confidentiality, promoting the efficient fulfilment of the company's strategic objectives.

To support the Policy, FREMAP has a management-led Information Security Management System (ISMS), which provides a systematic approach to risk management. The international standard for information security management, ISO/IEC 27001, is followed as the reference for establishing, implementing, maintaining, and improving this ISMS.

Principles of Information Security

  • Promote a culture throughout the organisation aimed at protecting the information assets.
  • Promote, consolidate and fulfil the policy.
  • Implement safety policies.
  • Keep the policies, regulations and procedures updated, in order to ensure their validity and level of effectiveness.
  • Promote means and practices that ensure the continuity of FREMAP's activity.
  • Guarantee and protect, with regard to the processing of personal data, the civil liberties and fundamental rights of natural persons and, especially, their honour and personal and family privacy.

SCOPE

  • The policy is applicable to all FREMAP staff and external personnel linked to the company via service contracts or third-party agreements.
  • The policy is applicable to the entire scope of the Mutual Society, to its resources and all internal processes. Accordingly, the security of the information dealt with by FREMAP is a key strategic asset in ensuring the continuity of the Mutual Society.

PROMOTION OF THE POLICY

The Information Security Policy must be made known to all employees, as well as those who collaborate with FREMAP. It should be communicated to the entire organisation and made available in media accessible to all employees.

POLICY COMPLIANCE EVALUATION

The Information Security Management System (ISMS) includes an internal audit programme for reviewing compliance with the security policy.

FREMAP is systematically subjected, every other year, to the audit required by Royal Decree 1720/2007 on personal data protection.

RISK MANAGEMENT

FREMAP has implemented a structure for information security management comprising a committee with representation from the Functional Areas, Healthcare and Regional Organisation.

Security management is the responsibility of the Information Security Area. The management system (ISMS) is structured in accordance with ISO 27001, and includes a risk-analysis method for identifying threats, the planning and follow-up of corrective actions, and the publishing of evaluation reports and indicators.