Information Security Policy

INNOVA-WIDE-IT POL-01 REV 00

  • Innovwide maintains and communicates an Information Security Program consisting of policies, standards, procedures, and guidelines related to specific topics aimed at:
    • Protecting the confidentiality, integrity, and availability of information resources maintained within the organization through administrative, physical, and technical controls.
    • Providing added value to the way business operations are conducted and supporting organizational objectives.
    • Complying with all regulatory and legal requirements, including (as applicable):
      • Information security best practices, including ISO 27001 and ISO 27002 standards.
      • Contractual agreements.
      • All other applicable laws and regulations.
  • The Information Technology Department at Innovwide provides full support for IT applications and infrastructure, while the IT Security Team is responsible for implementing, monitoring, and managing information security operations within the company.
  • All Innovwide employees, clients, contracted third parties, service providers, consultants, and any other relevant parties are responsible for protecting Innovwide information and information processing facilities against all threats, whether internal or external, intentional or accidental.
  • All Innovwide employees, contracted third parties, service providers, consultants, and any other parties are responsible for maintaining a high level of information security posture within the organization while ensuring confidentiality, integrity, and availability at all times.
  • Each application, IT system, technology, and infrastructure device owned by Innovwide shall have assigned users responsible for daily compliance with the Information Security Policy applicable to that system.
  • Each individual user is responsible for maintaining the integrity and security of company-provided personal computers (PCs) and IT peripheral devices (such as mobile phones, tablets, and others).
  • Innovwide management, employees, contracted third parties, service providers, consultants, and any other parties must maintain an appropriate level of awareness, knowledge, and skills to reduce the likelihood and impact of information security incidents.
  • Third-party service providers responsible for delivering or maintaining IT services, systems, or infrastructure/devices on behalf of Innovwide must comply with the company’s Information Security Policy.