FREMAP undertakes, in accordance with its mission and values, to maintain and improve information security and the continuity of its activity as a mutual society, within the legislative framework in force.
The FREMAP Information Security Policy is aimed at ensuring the protection of all information assets and the technology used to process them, from internal and external threats, deliberate or accidental, in order to ensure their integrity, availability and confidentiality, promoting the efficient fulfilment of the company's strategic objectives.
To support this Policy, FREMAP has a management-led Information Security Management System (ISMS), which provides a systematic approach to risk management. As a reference for establishing, implementing, maintaining, and improving this ISMS, the international standard for information security management ISO/IEC 27001 is followed.
SCOPE OF APPLICATION
FREMAP Mutual Society, in partnership with the Social Security Institute, carries out the following activities:
- Management of financial assistance and healthcare, including rehabilitation, within the scope of protection against work-related accidents and work-related illnesses of the Social Security Institute, as well as activities to prevent the same contingencies covered by the protective action.
- Management of cash benefits for temporary disability resulting from non-work-related injuries and diseases.
- Management of the benefits for risk during pregnancy and risk during breastfeeding.
- Management of the financial assistance for cessation of activity of self-employed workers.
- Management of benefits for caring for minors suffering from cancer or other serious diseases.
The Policy is applicable to the entire scope of the Mutual Society, to its resources and all internal processes.
This Security Policy is applicable to all FREMAP staff and external partners linked to the company via service contracts or third-party agreements.
- Promote a culture throughout the organisation aimed at protecting the information assets.
- Promote, consolidate and fulfil the policy.
- Implement safety policies.
- Keep the policies, regulations and procedures updated, in order to ensure their validity and level of effectiveness.
- Promote means and practices that ensure the continuity of FREMAP's activity.
- Guarantee and protect, with regard to the processing of personal data, the civil liberties and fundamental rights of natural persons and, especially, their honour and personal and family privacy.
- Principle of confidentiality, integrity and availability.
- Principle of continuous improvement.
POLICY COMPLIANCE EVALUATION
The Information Security Management System (ISMS) includes an internal audit programme for reviewing compliance with the security policy.
In addition, as a guarantee of the correct implementation and management of information security, FREMAP underwent the certification process in accordance with the UNE-ISO/IEC 27001 standard, obtaining its accreditation in April 2018. As a result of this certification, FREMAP undergoes an annual monitoring audit required and carried out by the accreditation body, as well as an audit prior to the latter, or the review of the management system and implementation of the security policies and measures FREMAP has implemented.
FREMAP has implemented a structure for managing risk, consisting of the Information Security Department and the Information Security Committee, with representatives from the Functional Areas and Territorial Organisation.
IMPLEMENTATION AND DISSEMINATION
There are processes and technical documents derived from the policy, available to all employees, that clarify the obligations and security measures for processing information.
This Policy will be promoted by the Management of FREMAP and will be available to all employees of the organisation, as well as other interested parties. It will be understood to enter into force and be kept up to date from today, at all levels of Management, with the full commitment of the Management.