Information Security Policy

FREMAP undertakes, in accordance with its mission and values, to maintain and improve information security and the continuity of its activity as a mutual society, within the legislative framework in force.

The FREMAP Information Security Policy is aimed at ensuring the protection of all information assets, and of the technology used to process them, from internal and external threats, deliberate or accidental, in order to ensure their integrity, availability and confidentiality, promoting the efficient fulfilment of the company's strategic objectives.

To support the Policy, FREMAP has a management-led Information Security Management System (ISMS), which provides a systematic approach to risk management. As a reference for establishing, implementing, maintaining, and improving this ISMS, the international standard for information security management ISO/IEC 27001 is followed.

SCOPE OF APPLICATION

FREMAP, Mutual Society cooperating with the Social Security Institute, carries out the following activities:

  • Management of financial assistance and healthcare, including rehabilitation, within the scope of protection against work-related accidents and occupational diseases of the Social Security Institute, as well as activities to prevent the same contingencies covered by the protective action.
  • Management of cash benefits for temporary disability resulting from non-work-related injuries and diseases.
  • Management of the benefits for risk during pregnancy and risk during breastfeeding.
  • Management of the financial assistance for cessation of activity of self-employed workers.
  • Management of benefits for caring for minors suffering from cancer or other serious diseases.

The Policy is applicable to the entire scope of the Mutual Society, to its resources and all internal processes.

The Social Responsibility Policy is applicable to all FREMAP staff and external personnel linked to the company via service contracts or third-party agreements.

POLICY PRINCIPLES

  • Promote a culture throughout the organisation aimed at protecting the information assets.
  • Promotion, consolidation and fulfilment of the policy.
  • Keep the policies, regulations and procedures up to date, in order to ensure their validity and level of effectiveness.
  • Promote means and practices that ensure the continuity of FREMAP's activity.
  • Guarantee and protect, with regard to the processing of personal data, the civil liberties and fundamental rights of natural persons and, especially, their honour and personal and family privacy.
  • Principle of confidentiality, integrity and availability.
  • Principle of continuous improvement.

POLICY COMPLIANCE EVALUATION

The Information Security Management System (ISMS) includes an internal audit programme for reviewing compliance with the security policy.

In addition, as a guarantee of the correct implementation and management of information security, FREMAP underwent the certification process in accordance with the UNE-ISO/IEC 27001 standard, obtaining its accreditation in April 2018. As a result of this certification, FREMAP undergoes an annual monitoring audit required and carried out by the accreditation body, as well as an audit prior to the latter. For the review of the management system and the implementation of the security policies and measures, FREMAP has implemented a structure for risk management, composed of the Information Security Area and the Committee with representation from the Functional Areas and Territorial Organisation.

IMPLEMENTATION AND DISSEMINATION

There are processes and technical documents derived from the policy, available to all employees, that clarify the obligations and security measures for processing information and complying with the regulations on personal data protection.

This Policy will be promoted by the Management of FREMAP and will be available to all employees of the organisation, as well as other interested parties. It will be understood to enter into force and be kept up to date from today, at all levels of Management, with the full commitment of the Management.