Itelazpi takes ICT one step further by standardizing Information Security management. This plan thus puts the necessary structures in place to ensure the protection of the company’s core information, as well as ensuring the secure and safe adoption of new technologies. It further supports the Corporate Social Responsibility strategy, systematizing and strengthening risk management in the area of IT.
During 2011, and consistent with the Information Systems Strategy as defined by the Master Plan, Itelazpi drew up a secondary strategy to protect the company’s information assets (Information Security Master Plan), which aims to preserve the integrity, confidentiality and availability of such information. As a result of this work, an existing information security framework is in place, the level of risk assumed has been established and, finally, the risk treatment plan has been defined, which should take us from the current risk situation to the desired target situation.
Similarly, the mechanisms required to govern and manage the life cycle of information security have been defined in order to ensure that levels of risk are always kept under control. The general policy on Information Security has thus been developed and the corporate body responsible for coordinating the deployment of the Risk Treatment Plan has been established. The development of the operating policies and procedures, the specification of technical measures for processing new information assets, and training and information for the staff involved have been set forth, as have the monitoring of security controls, the development and coordination of continuity plans and the continuous review of the system.
By implementing this plan, the company’s IT department definitively promotes awareness of, and operates in harmony with, the company’s corporate Risk Management and Internal Control function, intrinsically introducing security as one more variable to be incorporated within its scope of operations. In addition, the security framework that has been laid down provides a complementary, standard structure that is sufficiently flexible to serve as a vehicle for extending the scope of the security system to other core areas and thus accommodate other issues such as those resulting from the new Royal Decree on Critical Infrastructure.
While the methodology for developing the Security Plan has been created in accordance with the main security reference frameworks (ISO 27001, ENS, etc.) with the help of the specialist consultancy Nextel SA, the result that has been achieved is a framework that really adapts to our needs, one that is manageable, carefully focused and that could be easily adapted to new scenarios that will arise in the coming years.