Information Security Policy

HISPASAT considers information to be a fundamental asset to its daily operations and has therefore established the necessary means to guarantee the integrity, availability, confidentiality, authenticity and traceability of information stored and processed in its information systems in the area of satellite control.

HISPASAT's Information Security Policy aims to establish general guidelines related to Information Security that enable the company to protect and ensure the integrity, availability, confidentiality, authenticity and traceability of all information captured, stored, processed and kept in their systems, and to safeguard the resources used when providing services. The aforementioned terms are understood as the following definitions:

  • Integrity: the property of maintaining data free from unauthorised modifications.
  • Availability: the characteristic, quality or condition of information made available to the people, processes or applications that must have access to it.
  • Confidentiality: the property of information that guarantees it shall only be accessible to personnel authorised by HISPASAT to have such access.
  • Authenticity: assuring the identity or origin of information.
  • Traceability: assuring that at any time it may be determined who did what at what time.

The policy is integrally specified through its consistency with management principles, and shall be carried out by the Management System, which Management has committed to establish in accordance with the ISO standards aimed at achieving Models of Excellence. The policy is based on the management of people, management by processes and continual improvement, guaranteeing efficiency and effectiveness.

Information Security Objectives are coherent with this Policy and are annually revised and updated based on HISPASAT's assessment, allowing for on-going improvement in our performance.

Compliance with the applicable legal regulations and standards on Information Security, both national and international, and with current legislation in Spain on reproduction rights, patents, registered trademarks and anything considered to be related to copyright that applies to the Internet, and any other requirement that may apply to information security, as well as the decision to apply future standards and/or security regulations, shall be the commitment and responsibility of all employees and service providers at HISPASAT.

Management is committed to ensuring the following:

  • The automated information systems (AIS) at HISPASAT shall use Information Systems Security Engineering (ISSE) as part of their process of acquiring and/or modifying applications.
  • All enclaves shall use ISSE to implement, improve protection and solve any incident and/or vulnerability detected within the limits of the enclave.
  • The necessary measures and procedures shall be implemented to control access to information, ensure authorised user access and prevent unauthorised people from accessing services on the network and operating systems, in accordance with the principle of "Access to need to know information".
  • The communications systems and the internal network shall be protectedby perimeter security features, such as firewalls and intrusion detection systems (IDS), activated at: the border of the enclave (WAN), the internal enclave and key points in the network, as required.
  • The continuity of the Mission and business functions shall be guaranteed within a period of 24 hours.
  • Security risk assessment shall be carried outfor the information on HISPASAT's systems, providing mechanisms to reduce threats that may hinder the ability to fulfil the operative requirements.
  • Measures to ensure physical security shall be established and maintained in order to prevent unauthorised access, theft, damages or circumstances that put people or assets in danger or cause a disruption of activities.

HISPASAT's personnel have the necessary means, training and information to protect the information assets used in daily operations, and it is strictly forbidden to tamper with such information or use it for different purposes.

Suppliers and subcontractors shall be bound by this Policy to protect and ensure the integrity, availability, confidentiality and traceability of information and resources used for their services.

Este sitio web usa cookies propias y de terceros para mejorar nuestros servicios y recoger información sobre su navegación. Si pulsa "aceptar" o continua navegando consideraremos que admite el uso e instalación en su equipo o dispositivo. Encontrará más información en nuestra Política de Cookies.