- About the firm
- News, Insights, Events
- Join us
- Regulatory compliance principle: all information systems will be brought into line with the applicable legislation, regulations and industry rules on information security, particularly those relating to personal data protection, and the security of systems, data, communications and electronic services
- Risk management principle: risks should be minimized to acceptable levels and a balance should be sought between security controls and the nature of the information. Security objectives should be established, reviewed and consistent with information security aspects.
- Awareness and training principle: information security training programs and awareness campaigns will be drawn up for all users with access to information.
- Principles of confidentiality, integrity and availability:
• The confidentiality of the information must be guaranteed, so that it can only be accessed by authorized persons.
• The integrity of the information worked with must be guaranteed, so that it is concise and precise, with an emphasis on accuracy, both of the content of the information and the processes involved.
• The availability of the information must be guaranteed, ensuring the continuity of business supported by information services through contingency plans.
- Proportionality principle: controls to mitigate asset security risks should be implemented within the budgetary framework provided for such purpose, seeking a balance at all times between the security measures, the nature of the information and the envisaged budget.
- Responsibility principle: All members of the GARRIGUES Group should be responsible for their conduct as regards information security, complying with the rules and controls established.
- Continuous improvement principle: the degree of effectiveness of the security controls implemented at the firm will be reviewed on a continuous basis in order to increase the ability to adapt to the constantly changing nature of risks and of the technological environment.