General information security policy

Objective

Information is a fundamental asset for Mr. Houston.

Therefore, we are committed to ensuring its confidentiality, integrity, and availability, aligning our practices with international security standards, particularly the ISO/IEC 27001 standard.

Scope

This policy applies to all employees, contractors, suppliers, and any other stakeholders who have access to Mr. Houston’s information and systems, regardless of their location or format.

 

Objectives and Commitment

The management, on behalf of Mr. Houston, is committed to achieving the following general objectives:

1.- Ensure the security of information by safeguarding its confidentiality, integrity, and availability.

2.- Foster a culture of responsibility in information security, promoting continuous awareness and training.

3.- Comply with legal, regulatory, and contractual requirements related to information security, personal data protection, intellectual property protection, and any other relevant regulations.

4.- Adopt standards and best practices in information security.

5.- Design, implement, and maintain an appropriate Information Security Management System (ISMS).

6.- Establish and periodically review these information security objectives, aligned with the organization’s purpose and strategy, as well as with identified threats and the fundamental principles of information security described in this policy.

7.- Ensure the oversight and monitoring of compliance with these information security objectives.

8.- Provide the organization with the necessary resources (technological, human, and financial) to ensure the protection of information.

9.- Continuously and diligently identify, assess, and address the risks to which the organization is exposed.

10.- Work on self-assessment and continuous improvement, identifying opportunities to optimize information security.

 

Fundamental Principles of Information Security

In all actions and decisions related to information security, Mr. Houston will be guided by the following fundamental principles:

– Protection of information, ensuring its confidentiality, integrity, and availability.

– Legal and regulatory compliance, ensuring adaptation to applicable regulations and requirements.

– Risk management, identifying, assessing, and mitigating potential threats and vulnerabilities to protect information assets.

– Training and awareness, promoting the active responsibility of all collaborators through awareness programs.

– Continuous improvement, optimizing processes, tools, and security measures to respond to Mr. Houston’s context.

 

Dissemination and Communication

This policy will be communicated and made publicly available to all stakeholders, both internal and external to the organization.

The document will be published through appropriate channels to ensure access for stakeholders, such as the organization’s public website, corporate intranet, and internal document management system to facilitate access for internal personnel.

 

Responsibilities

– The Management of Mr. Houston is responsible for defining, disseminating, promoting, and overseeing this policy, as well as ensuring that the necessary resources are allocated for its proper implementation.

– The Cybersecurity Coordination Committee (CCC) is a multidisciplinary body responsible for overseeing, advising on, and ensuring the implementation and updating of, and compliance with, the organization’s Security Plan, aligned with standards such as ISO 27001, as well as for managing risks and coordinating responses to critical incidents.

– The organization’s Cybersecurity Officer is responsible for the implementation, oversight, and improvement of the ISMS, coordinating security initiatives, and managing information-related incidents.

– The IT Technical Team of Mr. Houston is responsible for the technical means necessary to ensure the operation of the ISMS.

– All employees and collaborators of the company must comply with this policy and the regulations derived from it. They are responsible for safeguarding information security in their daily activities. They have the duty to report any information security incident, as soon as they become aware of it, through the channels established by the organization.

 

Review and Approval

This policy will be periodically reviewed and updated according to the organization’s needs and changes in the environment.

Approved by the Management Committee of Mr. Houston on January 22, 2025.