At the express desire of AVIVA VOICE's management, we state our willingness and commitment to take the necessary steps to successfully implement the Integrated Management System (IMS) based on the requirements laid down by the norms and international standards UNE-ISO/IEC 27001 Standing, UNE -ISO/IEC 27002 Standing and UNE 71505-2 Standing.
The IMS sets out a framework with the following objectives:
- Laying down an organisational framework for the management of the security of information and electronic evidences, defining and allocating responsibilities to take the appropriate measures.
- Ensuring suitable standards of security for the information handled by AVIVA VOICE, guaranteeing transparency, trust and integrity to our customers and employees, and a service portfolio enabling to efficiently meets their needs.
- Improving the preparation and awareness of the staff involved in the delivery of the services.
- Complying with the standards and regulations applicable in the area of electronic evidence and information security, as well as the commitments undertaken with other stakeholders.
- Managing risks to the privacy of the stakeholders for whom AVIVA VOICE manages personal data, both as data controller and data processor.
- Increasing the efficiency and effectiveness of the internal processes.
- Implementing, maintaining and following-up the Integrated Management System.
- The Management shall set the objectives for the period on a yearly basis.
The safety level is based on the relevant risk assessment. The risks threatening the assets involved in the processing of AVIVA VOICE's information and electronic evidences have been identified and will be assessed on an ongoing basis, planning their reduction and control whenever possible, as well as their permanent monitoring, following the risk analysis methodology established by AVIVA VOICE, where the risk assessment criteria are laid down.
To fulfil our purposes, a Security Policy has been established across all AVIVA VOICE levels, enabling us to continuously improve our business processes and the preparation of our staff in the field of Information Security and protection of electronic evidences and assets, ensuring, among other things, that the IMS is always aligned with AVIVA VOICE's objectives, the established risk management scheme, in accordance with the legal and statutory requirements and the contractual obligations, and that it has the necessary resources to ensure its proper functioning, maintenance and ongoing improvement.
To reach this security level, it is necessary, and this is how AVIVA VOICE's management sees it, to reach a compromise among the different Departments, by providing the suitable collaboration and communication channels.