General Information Security Policy
The Legrand Group, aware of the importance and sensitivity of the information handled in its professional services of Installation, Maintenance and Support of Information Systems for the Health Care sector, has decided to implement an Information Security Management System (ISMS) based on the requirements of the ISO 27001 standard, in order to show its involvement and commitment to Information Security.
This policy has been approved by Legrand's General Management in order to create an action framework that makes it possible to:
- Ensure an optimal level of Information Security managed by Legrand, in order to achieve the full confidence of the users of health and social services.
- Preserve the availability, integrity and confidentiality of the information handled, meeting the needs and expectations of the interested parties included in the scope of the ISMS.
- Ensure compliance with current legislation and applicable regulations on information security contained in the scope of the ISMS, as well as other contractual requirements.
- Align this Security Policy with the rest of the organization's policies.
- Protect the information managed by the ISMS against any improper use, prevent possible security incidents and reduce their potential impact.
- Ensure the ability to respond to emergency situations by establishing Continuity and Availability Plans.
- Define a management system that allows continuous improvement of information security in all the processes involved in the scope defined for this system.
For this purpose, a risk management and treatment methodology has been defined and approved that:
- Identifies the ISMS assets and their value from a security point of view.
- Identifies possible threats to these assets and assesses their risk level.
- Establishes a risk treatment plan and security controls to reduce the determined risk levels to an acceptable level.
- Annually monitors and reviews the status of the system and the adequacy of the risk analysis performed.