INFORMATION SECURITY POLICY
Principles and objectives
In today’s digital age, safeguarding sensitive information and ensuring the privacy of individuals’ data is paramount.
At Zoundream, we recognize the critical importance of information security in our operations. These principles, along with the Information Security Management System that underpins them, utilize the ISO27001 standard as their reference framework.
The information security objectives of Zoundream align with the business objectives, with a primary focus on complying with current legal obligations applicable to our activities.
Of utmost importance in our information security strategy is our commitment to compliance with the General Data Protection Regulation of the European Union and the regulations concerning the protection of personal data in the countries where Zoundream operates.
In addition to adhering to legal requirements related to security, Zoundream also holds the responsibility and commitment to meet specific security requirements outlined by our customers and suppliers. These requirements pertain to the information they access as part of their contractual relationships with us.
Zoundream ensures that it possesses the necessary human resources, organizational structures, technological infrastructure, and documentation to safeguard the company’s information. This comprehensive approach aims to prevent any incidents that might compromise our data.
At all levels within Zoundream, there is a shared commitment to achieving our established information security objectives and implementing the prescribed controls and preventive measures.
For all entities under Zoundream, there exists a mandate to comply with established rules and procedures, with a steadfast focus on safeguarding our information assets and the personal data processed by Zoundream.
Our company is dedicated to ensuring that our personnel are well-versed in their security-related obligations and that they fully understand the consequences of non-compliance.
Zoundream actively promotes ongoing training and awareness activities across all levels of the organization concerning information security. This includes the development of a comprehensive plan for training initiatives, monitoring their implementation, and evaluating their effectiveness.
Our security strategy adheres to the core principles of confidentiality, integrity, availability, authenticity, and traceability of information:
- Confidentiality guarantees that information remains accessible only to authorized individuals and cannot be disclosed to third parties without proper authorization.
- Integrity ensures that data remains unaltered by unauthorized modifications, and that existing information is not tampered with by unauthorized parties or processes.
- Availability ensures that information is constantly accessible and usable, thereby ensuring the continuity of our business operations. This principle is closely linked to resilience, which ensures our ability to recover systems and information after incidents that may temporarily hinder access.
- Authenticity verifies the accuracy of the origin and identities associated with our information, as reflected in its attributes. Non-repudiation complements this principle by ensuring that users cannot deny their involvement in specific actions within our systems or disavow their association with specific data.
- Traceability ensures that we can determine, at any given moment, the identities of individuals who access our information, the activities they undertake in relation to it, and the various states and pathways our information has traversed.
Our approach emphasizes proportionality, ensuring that the controls we implement align with the severity of the risks we seek to prevent, detect, or mitigate.
Furthermore, in the development of new services and solutions, we uphold the principles of ‘security by design’ and ‘security by default,’ embedding security considerations into our processes from the outset.
Zoundream remains unwavering in its commitment to continuous improvement. Our aim is to ensure that our security management practices are consistently appropriate and effective. To this end, we periodically reassess our security measures and controls, adapting them to reflect significant changes in our business, the landscape of our information systems, and the evolution of technology.
Last updated: [19/09/2023]