Last update: Nov 2023
Introduction
The Security Policy of DOCTOMATIC reflects the concepts, principles, responsibilities, and objectives related to security, the outcomes of which ensure the company’s necessary freedom of action.
The goal of DOCTOMATIC’s Comprehensive Security is to protect all individuals – including users, professionals, and employees – the confidentiality of their communications, and the integrity of their information. It also safeguards other assets that make up the company’s heritage, such as facilities or content of all kinds.
Comprehensive Security encompasses traditional concepts of physical security and logical (technological) security to maintain business continuity in any adverse circumstance.
An increase in the «security culture» among personnel will provide clear benefits by enhancing the security of systems and procedures, and minimizing the risk of potential malicious actions. It is essential that all information related to security matters flows through the appropriate channels both horizontally and vertically within the organizational unit.
Principles
- Integration: Global Security is an integrated process aligned with the company’s activities, involving the entire organization.
- Cost-effectiveness: Security is guided by business criteria, considering the relationship between expenditure and investment. Criteria are centrally established, leveraging any existing synergies. This management approach allows for a better performance of the effort applied to security.
- Continuity: Security must be present throughout its work cycle: protection, prevention, detection, response, and recovery.
- Adaptability: The means employed should adapt to the activity’s environment. Among other factors impacting the organization’s activity and security levels are competition with other companies, disturbances of a social, political, and economic nature, and amateur or professional hacking.
Responsibilities
The ultimate responsibility for security lies with the management team, which is directly responsible for managing its development and implementation.
The management team will analyze the risks and security vulnerabilities that may impact the smooth operation of the activity and will propose the appropriate standards, means, and measures to minimize them.
All personnel in the organization must take responsibility for maintaining the security of the assets under their care, adhering to the security standards established by the management team.
Goals
- Achieving and maintaining the required level of security to adequately ensure business continuity, even in adverse situations.
- Increasing the integration and mutual support of the physical and logical aspects of security.
- Collaborating in the management of other security disciplines, including labor and environmental aspects, following criteria that enhance Corporate Social Responsibility.
- Establishing the corporate security structure defined by the organization’s decision-making bodies and creating appropriate communication channels among all stakeholders.
- Complying with official security regulations and other requirements.
- Establishing and implementing Training and Security Awareness Plans to enhance the personnel’s training.
- Express commitment to continuous improvement.
- Integrating different departments of the company into a security management system that, under common criteria, leverages synergies and achieves consistency in resources and actions.
- All DOCTOMATIC personnel will be familiar with and apply the regulations developed by this Security Policy.