HISPASAT ratifies its firm commitment to Excellence and continuous improvement in the provision of its services aimed at satisfying the connection needs of people in any region through advanced satellite communications services capable of responding with quality, efficiency, reliability and integrating prevention into their daily work activity, according to the needs and expectations of their interest groups.
HISPASAT, aware of thecommitments contracted with its customers, employees and other interested parties considers theQuality, Safety and Health at Work,the culture of well-being,the middletoenvironment,the Reconciliation of personal and work life, Information Security and Social Responsibility,priority factors for the development of its activity. Likewise, HISPASAT considers information as an asset of fundamental importance for daily operations, and establishes the necessary means to guarantee the integrity, availability, confidentiality, authenticity and traceability of the information captured, stored, processed, processed and guarded in its information systems. satellite control environment information. To this end, the organization has an Integrated Management System, which guarantees the achievement of the highest standards in these areas.
The HISPASAT Integrated Management System, designed to respond to thecommitmentsindicated,is based on the following principles that must serve the management as a frame of reference for setting objectives and all its employees as a frame of reference in the development of their professional activity:
▪ Compliance with legal and regulatory standardsapplicable, both nationally and internationally, as well as the commitment to adapt to future standards, application requirements for HISPASAT.
▪ Satisfying the needs, expectations and requirements of customers, employees and other interested parties.
▪ Concern for people, the main engine of our organization, committing ourselves to favor equal treatment and opportunities for all HISPASAT professionals, as a basic and transversal principle in the management of people, the media, training, awareness, consultation and participation of our employees in the management of the Quality, Information Security and Safety and Health, for the proper performance of their work.Integration of health and safety at work and the reconciliation between personal and professional life in all our activities and decisions, as element fundamental elementsfor the development of our activities.
▪ Orientation of our preventive activities to improve safety, eliminate hazards and reduce risks, in order to prevent damage and deterioration to the health of our employees.
▪ Commitment to the protection of information assets and its supports, being prohibited the processing of such information for purposes other than those established.
▪ Commitment to a high level of quality in the provision of our services, maintaining a permanent concern for providing quality, effective and reliable responses to the needs of our customers.
▪ Search for territorial balance and integration of societypromoting it through the services developed.
▪ Action with rigor and transparency, following, at all times, the established procedures and always under an ethical and responsible behavior.
▪ responsible action, recognizing and correcting errors, and having an active attitude to face the challenges of the environment.
▪ Development of flexible and transparent relationships with our collaborators, cooperating with themin the coordination of business activities,for an effective knowledge of the risks, the development of effective protection and prevention measures.
▪ Development of activities hand in hand with technological leaders in the sector,in order to achieve the highest levels of quality and satisfaction of our customers.
In the field of Information Security HISPASAT has defined general guidelines related to Information Security that allow the company to protect and ensure the integrity, availability, confidentiality, authenticity and traceability of the information captured, stored, processed and guarded, and safeguard the resources used for the provision of its services, understanding by such concepts:
▪ Integrity:is the property that seeks to keep data free from unauthorized modification.
▪ Availability:It is the characteristic, quality or condition of the information to be available to those who must access it, whether they are people, processes or applications.
▪ confidentiality:is the ownership of the information, which guarantees that it is accessible only to personnel authorized by GRUPO HISPASAT to access said information.
▪ Authenticity:it is the assurance of identity or origin.
▪ traceability:it is the assurance that, at all times, it will be possible to determine who did what and at what time.
In addition to the aforementioned, the HISPASAT Managementregarding the field of Information Securityrefers, undertakes that:
▪ information systems, employed by GRUPO HISPASAT use secure engineering as part of their application acquisition and/or modification process.
▪ all enclaves use Information Systems Security Engineering (ISSE) to implement, improve defense and solve any incident and vulnerability detected within the limits of the enclave.
▪ The necessary measures and procedures are implemented to control access to information, ensure access by authorized users and prevent access to network services and operating systems to those who should not, in accordance with the principle of "Need to know or Access to need to know information".
▪ Communication systems and the internal network are protectedby perimeter security elements such as firewalls and network intrusion detection systems (IDS), deployed at: the border of the enclave (WAN), the internal enclave and key points of the res, as necessary.
▪ The continuity of the Mission is guaranteed and the business functions are always operational within the deadlines established by the company.
▪ Security risk assessments are performed of information from HISPASAT systems, providing mechanisms to reduce threats that put compliance with operational requirements at risk.
▪ Physical security measures are established and maintained necessary to prevent unauthorized access, theft, damage or circumstances that endanger people or assets or cause the interruption of activities.
▪ The human team of GRUPO HISPASAT has the necessary means, training and information to protect the information assets used in its daily operations, the processing of said information for different purposes being prohibited.
In this same context,the users of the information stored and processed in its information systems within the satellite control environment of the HISPASAT GROU Pthey commit to:
▪ Promote efficient use of systems of information avoiding unnecessary network traffic and following the guidelines established by the Group.
▪ Custody of assets that they have in possession for the performance of their contractual duties.
▪ Do not disclose or directly use the information to which they have access during their employment relationship with GRUPO HISPASAT. All commitments must be maintained, even after the termination of the employment relationship with the company.
▪ Ensure that all employees and third parties, in their area of responsibility,understand their responsibilities and are adequate to carry out the functions that correspond to them, in order to reduce the risk of theft, fraud or improper use of the resources made available to them.
▪ Prevent all kinds of unauthorized physical access and security measures will be taken to avoid loss, damage, theft or circumstances that endanger the assets or may cause the interruption of the activities of GRUPO HISPASAT.
Realize efficient use of networksand email, preserving the confidentiality and integrity of the information transmitted through these means.
▪ Control access to information systems of the organization so that it is only carried out by authorized personnel and in the security conditions that the organization has decided to operate.
▪ Record and report any incident security of which they are aware.
▪ Avoid any type of non-compliance with the laws or legal, regulatory or contractual obligations and security requirements that affect the ISMS.
HISPASAT also maintains guidelines on:
▪ Mobile devices,prepared to avoid compromising the security of information in the use of mobile devices, in the event of theft or loss of the devices or due to an intrusion into it.
▪ Access control,developed to manage the correct access of employees to company information.
▪ cryptographic controlsestablished to guarantee secure access through information protection measures.
▪ Uncluttered workplace and clean screenprepared to prevent unauthorized access to the organization's information.
▪ information exchangedefined to protect the exchange of information with third parties and prevent the interception of information distributed by the company.
▪ Relations with suppliersdeveloped to establish organizational guidelines that mitigate the risks associated with third parties.
▪ compliancewith security for ensure that all security procedures within areas of responsibility are performed correctly in order to comply with security policies and standards and any other applicable security requirements.
Additionally, in the field of Social Responsibility HISPASAT maintains the commitment to comply with the Principles of Social Responsibility established by the ISO 26000 standard of: ▪ Accountability, according to which HISPASAT has the duty to apply transparency due to its impact on society, the economy and the environment and the actions taken.
▪ Transparency, by virtue of which it provides all the information that interested parties may require in simple language and in accessible formats.
▪ Respect for the interests of interested parties and promotion of ethical behavior, based on the values of honesty, fairness and integrity.
▪ Respect for the interests of interested parties.
▪ Compliance with the principle of legality, making its members aware of the applicable laws and regulations so that all of them take them into account in their ordinary activity.
▪ Respect for international regulationsin terms of Social Responsibility.
▪ Regarding rights, promotingwhat is established in the Universal Charter of Human Rights.
With respect toThe scope of the management of a Healthy Organization (Model SIGOS), The HISPASAT GROUP seeks to achieve for its organization and its stakeholders a culture of wellbeing that provides safe, healthy work environments that are committed to the environment that also involves:
▪ The improvement of the health and safety of the members of the organization,of their personal, family and community environment.
▪ The promotion of healthy lifestyles.
▪ A commitment to the community.
▪ Taking into account their specific risk factors and their consequences, its direct and indirect context and the legal requirements and other requirements that the organization subscribes to in the field of health and wellbeing.
Ffinally,andin the field of the EnvironmentSpecifically, through this policy, the HISPASAT GROUP formalises:
▪ Your commitment to protecting the environment, including pollution prevention, and other specific commitments relevant to the context of the organization.
▪ Your commitment to comply with legal and other requirementsthat, in environmental matters, apply to their activities and centers.
The above guidelines and commitments are specified and developed through the Integrated Management System that Management undertakes to establish in accordance with certain standards oriented towards Excellence Models, all of which is based on people management, process management and the continuous improvement of processes and the Integrated Management System; guaranteeing its effectiveness and efficiency in the development of professional activities.