Protecting the handling, safeguarding and transmission of confidential client information, in a manner consistent with professional, ethical, legal, regulatory and contractual requirements, is one of Cleva’s key priorities and is recognized as fundamental to the organization’s success. The loss or theft of confidential information may have serious legal, financial and/or reputational consequences, and Cleva is committed to safeguarding the confidentiality, integrity and availability of clients’ confidential information, be it physical, digital or intellectual.
Therefore, the principles of the information security policy are to ensure that:
• the information is protected against unauthorised access;
• the information’s confidentiality is guaranteed;
• the information’s integrity is maintained;
• all the applicable laws and regulations are observed;
• the appropriate business continuity plans are maintained and tested on a regular basis;
• every detected or suspected information security breach is investigated by the areas that are competent to perform those actions.
Cleva maintains an Information Security Management System (ISMS), which includes policies and procedures and has been designed to maintain, revise and continuously improve the security of information in Cleva, based on risk assessment. The aims of the ISMS are the following.
• To include information security as an essential part of business planning and operations and of the product, ensuring compliance with the standard.
• To continuously raise awareness of information security, ensuring that all employees know the information security policies, understand how information security is part of their functions, and understand their responsibility for protecting the confidentiality, integrity and availability of information.
• To continuously analyze threats to information security, guaranteeing that these are identified and managed based on risk assessment procedures and by applying appropriate controls.
• To promote the appropriate protection of the organization’s information systems and communications infrastructure against loss, misuse or undue access.
• To promote the effective and efficient detection, recording, reporting and investigation of security incidents, to ensure that such incidents have minimal impact on the organization.
• To guarantee the implementation and testing of business continuity plans, to ensure the continuity of operations and to minimize the impact of a security incident or of an emergency situation.
Under the ISMS, Cleva’s highest body is the Executive Committee, whose main responsibilities are as follows.
• To ensure that the ISMS belongs to and is integrated with the organization’s processes and its global management structure.
• To approve the functions and responsibilities associated with information security.
• To formally maintain a nominated CISO (Chief Information Security Officer) and Information Security Manager (ISM), who will be the main interlocutors with the remaining structures within the organization as far as the activities on the management of the ISMS are concerned.
Those responsible for the different business and support areas must be aware of the need to have business and support processes that comply with the organization’s information security policies, as well as of their obligation to implement, within their areas, any initiatives that may be necessary.
All employees, as well as third parties who may in any way have access to confidential information from Cleva’s clients, are obliged to observe and to enforce all the organization’s policies on information security and shall promptly report to the CISO or the ISM any security incident, that is, any event which has led or may lead to an information security breach.