The purpose of this Information Security Policy is to protect the information assets involved in the services provided by THE COCKTAIL. It is THE COCKTAIL policy to ensure that:
- The information is protected against loss of availability, confidentiality and integrity.
- The information is protected against unauthorized access.
- Applicable legal requirements are met.
- Business requirements regarding information security and information systems are met.
- The Security Committee assesses the information assets that THE COCKTAIL has from which it will derive the risk analysis and subsequently the risk management, both the analysis and the risk management will be reviewed annually by the Board of Directors, which will decide whether a new risk analysis and management is carried out. The risks to be treated will be reflected in the Risk Action Plan.
- Security incidents are communicated and dealt with appropriately.
- Procedures to comply with the Security Policy are known.
- The Security Officer will be responsible for maintaining this policy, the security manual, the procedures and providing support in its implementation.
- In addition to supervising and verifying that the Risk Action Plan that corresponds to each year is complied with.
- Each employee is responsible for complying with this Policy and its procedures as applicable to a job position.
- It is THE COCKTAIL policy to implement, maintain and monitor the Information Security Environment.
- THE COCKTAIL is committed to the continuous improvement of the Information Security Management System. To achieve this goal, it is supported by policies, objectives, the results of internal audits, data analysis, corrective and preventive actions, as well as a review by management team to ease continuous improvement.
This policy has been approved by THE COCKTAIL Security Committee and will be reviewed annually.