a
M

February 28, 2025

SCATI firmly believes that Information Security is a key factor for the proper development of the company. Along with providing the necessary training and resources to carry out its activities, it is considered one of the main pillars for delivering services with the appropriate quality to clients.

SCATI acknowledges the importance of ensuring the confidentiality, integrity, and availability of information. These principles are defined as follows:

  • Confidentiality: SCATI is committed to protecting information from unauthorized access, ensuring that only authorized individuals have access to the information relevant to their roles.

  • Integrity: SCATI is committed to safeguarding the accuracy and completeness of information, preventing its unauthorized alteration, destruction, or modification.

  • Availability: SCATI is committed to ensuring that information is available and accessible when required by authorized users, avoiding unplanned disruptions and minimizing downtime.

The objectives of the Information Security Management System are:

  • Ensuring compliance with applicable laws, regulations, and standards, as well as any additional requirements deemed appropriate by SCATI to achieve continuous improvement.

  • Providing services with a level of security that meets and exceeds our clients’ expectations.

  • Training staff in accordance with technical changes and technological innovations that impact SCATI’s operations.

  • Effectively assigning roles and responsibilities in the field of information security.

  • Preventing potential defects and Information Security incidents before they occur, working toward “continuous improvement” and promoting communication.

  • Continuously evolving the Information Security Management System to meet client demands.

  • Raising awareness and motivating SCATI personnel on the importance of implementing and developing an Information Security Management System.

The organization will constantly seek opportunities for improvement in the field of information security. To achieve this, the following actions will be carried out:

  • Periodic risk assessments: Regular evaluations will be conducted to identify new threats and vulnerabilities, and measures will be taken to mitigate identified risks.

  • Policy and procedure updates: Information security policies and procedures will be reviewed regularly to ensure they remain relevant and effective. Necessary improvements will be implemented to strengthen information protection.

  • Monitoring and incident detection: A monitoring and incident detection system will be established to identify and respond promptly to potential security breaches.

  • Training and awareness: Regular training will be provided to employees on topics related to information security, including best practices, policies, and procedures. Awareness about the importance of information security will be promoted throughout the organization.

  • Review and audit: Regular reviews and audits of information security controls will be conducted to ensure their effectiveness and compliance. Corrective actions will be taken in case of deviations or non-compliance.

  • Technological improvements: New information security technologies and solutions will be considered and adopted to enhance the protection of information assets.

Management sets and reviews objectives and goals, using the defined policy as a reference framework, assigning responsibilities for their achievement, and establishing action criteria.

Management is committed to the implementation, maintenance, and improvement of the Information Security Management System (ISMS), providing the necessary means and resources, and encouraging all personnel to embrace this commitment.