INFORMATION SECURITY POLICY
Due to our activity as an agency specialized in the analysis of users’ social media information, at XEERPA we are conscious that information is a high value asset for our organization as well as for our customers and it requires adequate protection and management, with the aim of continuing our business and minimizing possible damages caused by errors regarding information integrity, availability and confidentiality.
In this regard, XEERPA takes the following commitments:
XEERPA’s constant commitment in the matter of Information Security Management will be revealed through training and awareness programs, which promote participatory management in these areas, enabling the personnel’s skills to be used for a continuous improvement of the production process.
We will give effect to the legislation, as well as other subscribed requirements with our clients, including those regarding Information Security, to guarantee their activities’ development within the applicable rules and regulations.
Meeting the requirements and continuously improving the Security Information Management System’s efficiency, by means of the implementation of measurement and monitoring systems of solutions and development for our customers, as well as the objectives of Information Security.
Ensuring the continuity of the business by developing continuity plans in accordance with recognized methodologies.
Periodically performing and reviewing risk assessments based on recognized methods, which allow us to establish the level of information security and minimize the risks through the development of specific policies, technical solutions and contractual agreements with specialized organizations.
XEERPA’s personnel will carry out their work by focusing on the established objectives and in accordance with the legal requirements at all times.
XEERPA’s management discloses, based on their analysis and risk management methodology, that they know about and, consequently, accept the risks which, once they have implemented all controls related to their Information Security management system, have stayed above the acceptable levels of risk defined in the corresponding procedure.