Information Security and Business Continuity Policy
SCOPE
B-Simple’s Information Security Policy fully covers the processes involved in the development, implementation and maintenance of software solutions for the clinical areas of healthcare institutions. This policy complies with the currently applicable Statement of Applicability.
B-Simple is committed to protecting the confidentiality, integrity, availability, traceability and authenticity of information, while also ensuring the continuity of its critical operations in the event of incidents that may affect the delivery of its services.
To this end, security measures and technical and organisational controls are implemented to prevent, detect and respond to threats, as well as to ensure the timely recovery of essential systems and data.
The company maintains procedures that allow critical functions to be restored with minimal impact, ensuring system resilience and business continuity in alignment with information security objectives.
MISSION
- Our mission is to protect the confidentiality, integrity and availability of critical company and customer information, ensuring that information security is an integral part of our organisational culture. We include in this commitment the continuity of critical operations, reinforcing the organisation’s resilience and the trust of our clients and partners.
VISION
- Our vision is to be recognised as a model company in the field of information security, setting the highest standards of data protection and serving as an example to other organisations.
PRINCIPLES AND VALUES
- Commitment to confidentiality: We value and protect the confidentiality of our clients’ and company’s information.
- Data integrity: We guarantee the integrity of data across all our processes and systems.
- Resource availability: We ensure the availability of essential IT resources for business continuity.
- Continuous improvement: We are committed to continuously evaluating, improving and updating our information security practices.
- Legal compliance: We comply with all applicable information security laws and regulations.
B-Simple’s Information Security Policy
The Information Security Policy applies to all operations, processes and systems of B-Simple, including employees, contractors, suppliers and any other party that has access to or is involved in handling sensitive company information.
It establishes the set of guidelines and measures to protect information assets against internal and external threats.
The purpose of this policy is to protect the company’s critical assets and to strengthen the trust of clients and partners in the company’s integrity and commitment to data protection.
By implementing and maintaining the Information Security Policy, B-Simple aims to establish a strong and consistent security culture throughout the organisation. To this end, we commit to:
- Ensuring the conditions for continuous improvement of the system through periodic monitoring and reviews of aspects related to Information Security;
- Adopting and maintaining all applicable legal requirements in the context of Information Security;
- Promoting ongoing awareness of information security and conducting training programmes to ensure that all employees understand how information security forms part of their roles, as well as their responsibilities in protecting the confidentiality, integrity and availability of information;
- Ensuring that all employees are aware of and comply with existing security policies and procedures;
- Promoting the continuous improvement of all organisational processes, enhancing their optimisation, effectiveness and efficiency, particularly those supporting the ISMS – Information Security Management System;
- Ensuring that the resources necessary for the ISMS – Information Security Management System are available;
- Ensuring that the ISMS – Information Security Management System achieves its intended objectives;
- Ensuring that the determination of the impact of information security incidents, as well as the definition of the security category of the information system concerned, is carried out in accordance with the Information Security Incident Management Procedure, taking into account the dimensions of Confidentiality [C], Integrity [I], Availability [A], Traceability [T] and Authenticity [Au];
- Maintaining a Business Impact Analysis (BIA), a Contingency Plan and a Business Continuity Plan, reviewed annually, in order to ensure the capacity to respond to and recover from relevant incidents that may affect the company’s critical operations.