At AIVORA we protect information to ensure its confidentiality, integrity and availability.
This policy sets out the principles and commitments that guide our Information Security Management System (ISMS), aligned with ISO/IEC 27001.
What is this policy?
Protecting information at Aivora is essential to ensure its confidentiality, integrity and availability.
This policy defines the key guidelines for managing information security, safeguarding both technological systems and personal, financial and commercial data.
Its purpose is to establish a solid foundation that enables compliance with the requirements of ISO/IEC 27001 and protects information against internal and external threats.
Context
Aivora operates in a demanding market where trust and the protection of information are critical to its competitiveness.
The company handles confidential information from both customers and staff, as well as strategic data related to its activities.
Management commitment
Aivora’s top management has a firm commitment to the implementation, maintenance and continual improvement of the Information Security Management System (ISMS), ensuring the necessary resources and leading its development.
It also ensures clear definition of responsibilities at all levels and the integration of information security into all organisational processes.
Risk assessment and treatment
Aivora carries out ongoing assessments of information security risks.
These risks are managed by considering the magnitude of the potential impact, applying proportionate controls aligned with the company’s strategic objectives.
Legal and contractual requirements
Aivora strictly complies with all legal, regulatory and contractual requirements related to information security, privacy and data protection, in every jurisdiction where it carries out its activities.
Responsibilities
Each member of the team has specific assigned duties relating to the secure handling of information and the protection of the systems they use.
These responsibilities are clearly described in the Organisation and Roles Manual, as well as in Aivora’s internal procedures.
Commitment to ISO/IEC 27001
Aivora reaffirms its commitment to compliance with ISO/IEC 27001, ensuring the effective implementation of an Information Security Management System (ISMS).
To this end, it undergoes both internal and external audits and promotes continual improvement in all aspects related to information security.
Participation and training
Active staff involvement is a fundamental pillar for the success of the information security policy.
Therefore, Aivora ensures ongoing training in good security practices, promoting an organisational culture in which each collaborator assumes responsibility for protecting information.
Continual improvement
The company drives continual improvement of its ISMS through regular evaluations, incorporation of technological innovations and analysis of the effectiveness of the implemented controls.
Corrective and preventive actions are applied based on findings from audits, incidents and system reviews.
Implementation of controls
To mitigate identified risks and maintain an appropriate level of protection, Aivora defines, implements and maintains technical and organisational security controls across its processes, systems and services.
These controls are applied in proportion to risk, are reviewed periodically to ensure their effectiveness, and are aligned with the objectives of the Information Security Management System (ISMS).
Where relevant, Aivora includes security requirements in its relationships with suppliers and partners, in order to protect information and meet applicable obligations.
Security objectives
Aivora’s information security objectives are as follows:
- Protect the confidentiality, integrity and availability of information.
- Comply with applicable legal, contractual and regulatory requirements.
- Reduce information security risks to an acceptable level through appropriate treatment.
- Foster a culture of awareness and responsibility regarding information security within the organisation.
- Continually improve the effectiveness of the Information Security Management System.
Frequently asked questions
Who does this policy apply to?
It applies to all Aivora activities where information and technological systems are managed, and involves staff and parties who, through a contractual relationship, take part in the processing of or access to information.
What type of information does Aivora protect?
Confidential information belonging to customers and staff, and personal, financial, commercial and strategic data linked to the organisation’s activity.
How does Aivora manage security risks?
Through ongoing risk assessments and the application of proportionate controls aligned with the company’s strategic objectives.
Does AIVORA comply with privacy and data protection regulations?
Yes. Aivora is committed to complying with legal, regulatory and contractual requirements related to information security, privacy and data protection in the jurisdictions where it operates.
Is this policy reviewed?
Yes. The policy and the ISMS are reviewed as part of continual improvement, incorporating learnings from audits, incidents and system reviews.
I am a supplier or partner — what does this mean for me?
It means complying with applicable contractual and regulatory obligations, and collaborating to ensure secure handling of information when there is access to or processing of data in the context of the service.
Contact
For any queries related to this policy, you can contact the Information Security Officer at:
rsgsi@aivora.ai.