Information Security

     

    1. General Information

    1.1. Objective

    The objective of this document is to establish the Information Security Policy that governs Cima Software Corporation.

    1.2. Scope

    This Information Security Policy must be approved by the Board of Directors and communicated to all persons working at Cima Software Corporation, both internal and external.

    1.3. Sanctions

    The company reserves the right to initiate legal or disciplinary action as appropriate against persons or companies whose actions do not adhere to this policy.

    1.4. Policy Compliance

    Information security depends on the commitment and support of all individuals working at Cima Software Corporation, both internal and external. In this regard, all collaborators (employees, consultants, contractors and temporary people) must use and protect information assets appropriately, complying with the norms, standards, procedures and information security guidelines that are generated from this policy.

     

    1. INFORMATION SECURITY GUIDELINES


    INFORMATION SECURITY SYSTEM POLICIES

    CIMA SOFTWARE CORPORATION is an information technology company that provides business solutions based on information technology, implementation and development of such solutions as well as document scanning services.

    To ensure the confidentiality, integrity, reputation, corporate image, continuity of our services, preservation of assets and availability of information, we have implemented an Information Security Management System based on the ISO/IEC 27001:2013 Standard with the framework  “Information Security Management System for the electronic invoicing service as PSE (Electronic Service Provider), Document Digitalization Service and Development, Implementation and Support of Solutions based on the DocuClass system, according to the statement of current compliance”.

    The company’s upper management is well aware that information is a high-value asset for any organization and therefore requires utmost protection, consequently establishing the following principles as basic guidelines to achieve information security:

    • Protection of personal data and the privacy of individuals.
    • The safeguarding of company records.
    • The documenting of the Information Security Policy.
    • The assignment of security responsibilities.
    • Training and education in the information security field.
    • Logging of security incidents.
    • Business continuity management.
    • The management of changes that might occur in the company related to security.

    The following commitments are made through the development and implementation of this Security Management System:

    • Develop products and services in accordance with the requirements related to information security, in regards of the legal environment of the countries we operate in, the contractual agreements and our guidelines.
    • Develop continuous training in information security within the organization under strict professional ethics and take appropriate measures when any information security guideline is violated.
    • Develop business continuity plans.
    • Promote continuous improvements to maximize the effectiveness of the system.
    • Publish this policy within the organization and make it available to anyone who requires it.

    General Management