The GARRIGUES Group has taken the decision to manage its Information Systems using best international practices, in line with ISO/IEC standard 27001:2013. Given the importance of the Information Systems, the management of GARRIGUES has established the following Fundamental Information Security Principles:
- Regulatory compliance principle: all Information Systems will be brought into line with the applicable legislation, regulations and industry rules on information security, particularly those relating to personal data protection, and the security of systems, data, communications and electronic services.
- Risk management principle: risks should be minimized to acceptable levels and a balance should be sought between security controls and the nature of the information. Security objectives should be established, reviewed and consistent with information security aspects.
- Awareness and training principle: information security training programs and awareness campaigns will be drawn up for all users with access to information.
- Principles of confidentiality, integrity and availability:
• The confidentiality of the information must be guaranteed, so that it can only be accessed by authorized persons.
• The integrity of the information worked with must be guaranteed, so that it is concise and precise, with an emphasis on accuracy, both of the content of the information and the processes involved.
• The availability of the information must be guaranteed, ensuring the continuity of business supported by information services through contingency plans.
- Proportionality principle: controls to mitigate asset security risks should be implemented in such a way as to seek a balance between the security measures, the nature of the information and the risk.
- Responsibility principle: all members of the GARRIGUES Group should be responsible for their conduct as regards information security, complying with the rules and controls established.
- Continuous improvement principle: the degree of effectiveness of the security controls implemented at the firm will be reviewed on a continuous basis in order to increase the ability to adapt to the constantly changing nature of risks and of the technological environment.
This policy constitutes the reference framework for the establishment of security objectives.
If you require any additional information on our security policy or have any suggestions in this regard, you can send an email to the following address: [email protected]