INOXPA AUSTRALIA

8 Law Court, Sunshine

VIC 3020, Australia

1300 816 483

inoxpa.au@inoxpa.com

Information Security Policy


1. Purpose

The purpose of this policy is to provide the directives or guidelines to be followed in order to protect the Organization’s information from a wide range of threats.

2. Scope

The scope of the Information Security Policy coincides with the scope of the ISMS as established in the document “I-TIC-001 Context of the Organization”.

3. Definitions and Acronyms

For the correct interpretation of this Policy, the following definitions are included:

  • Information: Data that has meaning, in any format or medium. It refers to all communication or representation of knowledge.
  • Information System: A set of related and organized resources for processing information, according to specific procedures, both computerized and manual.

4. Specifications

4.1. Objectives of the Information Security Policy

To ensure that clients and service users have access to information with the quality and service level required for agreed performance, and to prevent loss or alteration of information and unauthorized access.

A framework is established for achieving the organization’s information security objectives. These objectives will be achieved through a series of organizational measures and clearly defined rules.

This Security Policy will be maintained, updated, and adapted to the organization’s purposes.

The principles to be respected, based on the basic dimensions of security, are:

  • Confidentiality: Only those authorized and properly identified may access the information managed by INOXPA, at the appropriate time and through the enabled means.
  • Integrity: Ensures the validity, accuracy, and completeness of the information managed by INOXPA, allowing it to be modified only by those authorized.
  • Availability: Information managed by INOXPA is accessible and usable by authorized and identified clients and users at all times, with its persistence guaranteed against foreseeable events.

Additionally, since any Information Security Management System must comply with current legislation, the following principle applies:

  • Legality: Refers to compliance with laws, regulations, or provisions applicable to INOXPA, especially regarding personal data protection.

4.2. Risk Management

Information Security management at INOXPA is risk-based, in accordance with the international standard ISO/IEC 27001:2022.

Processes will be periodically generated to identify potential risks that may affect the security of the information of the services provided. These risks will then be analyzed and evaluated to take appropriate treatment actions through measures or controls.

This process is cyclical and must be carried out periodically, at least once a year. Each identified risk will be assigned an owner, and multiple responsibilities may fall on the same person or committee.

4.3. Roles, Responsibilities, and Authorities

Described in the document “N-TIC-007 Roles, Responsibilities, and Authorities”.

4.4. ISMS Objectives

The INOXPA ISMS must ensure:

  • Development of policies, regulations, procedures, and operational guides to support the information security policy.
  • Identification of information that must be protected.
  • Establishment and maintenance of risk management aligned with the ISMS policy and INOXPA’s strategy.
  • Establishment of a methodology for risk assessment and treatment.
  • Establishment of criteria to measure ISMS compliance.
  • Correction of non-conformities through corrective actions.
  • Training and awareness of personnel on information security.
  • Informing all personnel of their obligation to comply with the information security policy.
  • Allocation of necessary resources to manage the ISMS.
  • Identification and compliance with all legal, regulatory, and contractual requirements.
  • Identification and analysis of information security implications regarding business requirements.
  • Measurement of the maturity level of the information security management system.
  • Continuous improvement of the ISMS.

4.5. Organization and Responsibilities

  • The General Management of INOXPA is responsible for approving this policy.
  • The Information Security Management Committee is responsible for reviewing this policy.
  • The ISMS Security Officer is responsible for maintaining this policy.

4.6. Policy Implementation

INOXPA has developed this document containing the General Information Security Policy, which has been approved by General Management and communicated to all company personnel.

4.7. Training and Awareness

The ISMS Security Officer must ensure that all personnel involved in the ISMS are aware of this policy, its objectives, and processes through dissemination, training, and awareness actions.

The ISMS Communication Officer must ensure the distribution of documents applicable to each level, according to the different roles defined in the company.

4.8. Audit

The General Management of INOXPA must ensure and verify, through internal and external audits, the degree of compliance with this Policy and that it is properly operated and implemented, being responsible for the implementation of corrective measures to maintain continuous improvement.

4.9. Validity and Update

This policy is effective from the moment of its publication and is reviewed at least once a year.

5. References

  • I-TIC-001 – Context of the Organization
  • N-TIC-007 – Roles, Responsibilities, and Authorities

6. Sanctions

Failure to comply with the Information Security Policy and other related regulations and procedures will result in sanctions, depending on the severity and nature of the non-compliance, in accordance with current labor legislation.

7. Ratification

All signatories below fully accept the content of this Policy and commit to applying it in their respective areas to ensure the proper functioning of the Information Security Management System.

ㅤㅤㅤㅤㅤ

Banyoles, May 14, 2024

ㅤㅤㅤㅤㅤ

General Management

ISMS Security Officer

ㅤㅤㅤㅤㅤ

Cookies Policy

This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. However, blocking some types of cookies may affect your experience on the site and the services we can offer. Cookies policy page

Reject Accept all cookies
Allow selection
Necessary (2)
Preferences (0)
Statistics (7)
Marketing (11)
About cookies

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Name Provider Purpose Expiry Type
cc_cookie_accept www.inoxpa.com.au Stores the user's cookie consent state for the current domain 1 year HTTP
PHPSESSID www.inoxpa.com.au Preserves user session state across page requests. Session HTTP
collect Google Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels. Session Pixel
_ga Google Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 2 years HTTP
_ga_# www.inoxpa.com.au Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit. 2 years HTTP
_gat_ Google Used by Google Analytics to throttle request rate 1 day HTTP
_gid Google Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 1 day HTTP
fr Facebook Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 3 months HTTP
_fbp Facebook Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 3 months HTTP
IDE Google Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. 1 year HTTP
ads/ga-audiences Google Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites. Session Pixel
VISITOR_INFO1_LIVE YouTube Tries to estimate the users' bandwidth on pages with integrated YouTube videos. 179 days HTTP
YSC YouTube Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Session HTTP
yt-remote-cast-installed YouTube Stores the user's video player preferences using embedded YouTube video. Session HTML
yt-remote-connected-devices YouTube Stores the user's video player preferences using embedded YouTube video. Persistent HTML
yt-remote-device-id YouTube Stores the user's video player preferences using embedded YouTube video. Persistent HTML
yt-remote-fast-check-period YouTube Stores the user's video player preferences using embedded YouTube video. Session HTML
yt-remote-session-app YouTube Stores the user's video player preferences using embedded YouTube video. Session HTML
yt-remote-session-app YouTube Stores the user's video player preferences using embedded YouTube video. Session HTML
yt-remote-session-name YouTube Stores the user's video player preferences using embedded YouTube video. Session HTML
Cookies are small text files that can be used by websites to make a user's experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages. You can at any time change or withdraw your consent from the Cookie Declaration on our website. Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy. Please state your consent ID and date when you contact us regarding your consent.