Hispasat ratifies its firm commitment to Excellence and continuous improvement in the provision of its services aimed at satisfying the connection needs of people in any region through advanced satellite communications services capable of responding to the needs and expectations of its stakeholders with quality, efficiency, reliability and by integrating prevention into its daily work activity.
Hispasat, aware of the commitments to its customers, employees and other interested parties, considers Quality, Occupational Health and Safety, Work-Life Balance, Information Security and Social Responsibility. Quality, Health and Safety at Work, Work-Life Balance, Information Security and Social Responsibility as priority factors for the development of its activity.,priority factors for the development of its activity. Likewise, HISPASAT considers information as an asset of fundamental importance for daily operations, and establishes the necessary means to guarantee the integrity, availability, confidentiality, authenticity and traceability of the information captured, stored, processed, treated and guarded in its satellite control environment information systems. To this end, the organization has an Integrated Management System, which guarantees the achievement of the highest standards in these areas.
Hispasat's Integrated Management Systemdesigned to respond to Hispasat's commitments, is based on the following principles which are to be used by the management as a reference framework for the setting of objectives and by all employees as a reference framework in the development of their professional activity:
- Compliance with applicable national and international legal and regulatory applicable, both national and international, as well as the commitment to adapt to future standards and requirements applicable to Hispasat.
- Meeting the needs, expectations and requirements of customers, employees and other interested parties. and other interested parties.
- Concern for people, the main driving force of our organization.We are committed to promoting equal treatment and opportunities for all Hispasat professionals, as a basic and transversal principle in the management of people, the means, training, awareness, consultation and participation of our employees in the management of Quality, Information Security and Health and Safety, for the proper performance of their work. Integration of occupational health and safety and work-life balance in all our activities and decisions, as fundamental elements for the development of our activities.as fundamental elements for the development of our activities.
- Orientation of our preventive activities to the improvement of safety, the elimination of hazards and the reduction of risks.in order to prevent damage and deterioration to the health of our employees.
- Commitment to the protection of information assets and its supports, being prohibited the treatment of such information for purposes other than those established.
- Commitment to a high level of quality in the provision of our services.We are permanently concerned with providing quality, efficient and reliable answers to our clients' needs.
- Search for territorial balance and the integration of society, promoting it through the services promoting it through the services developed.
- Acting with rigor and transparencyfollowing, at all times, the established procedures and always under an ethical and responsible behavior.
- Acting responsiblyrecognizing and correcting mistakes, and having an active attitude to face the challenges of the environment.
- Developing flexible and transparent relationships with our collaborators, cooperating with them in the coordination of business activities,for an effective knowledge of risks and the development of effective protection and prevention measures.
- Development of activities hand in hand with technological leaders, in order to achieve the highest levels of quality and customer satisfaction.
In the area of Information Security Hispasat has defined general guidelines related to Information Security that allow the company to protect and ensure the integrity, availability, confidentiality, authenticity and traceability of the information captured, stored, processed and guarded, and to safeguard the resources used for the provision of its services, understanding by such concepts:
- Integrity: is the property that seeks to keep data free from unauthorized modification.
- Availability: is the characteristic, quality or condition of information to be available to those who must access it, whether they are people, processes or applications.
- Confidentiality: is the ownership of the information, by which it is guaranteed that it is accessible only to personnel authorized by GRUPO HISPASAT to access said information.
- Authenticity: is the assurance of identity or origin.
- Traceability: is the assurance that, at all times, it will be possible to determine who did what at what time.
In addition to the above, Hispasat's Management as far as Information Security is concerned, undertakes to is concerned, is committed to the following
- The information systems used by Grupo Hispasat use secure engineering as part of their acquisition process and/or modification of applications.
- All enclaves use Information Systems Security Engineering (ISSE) to implement, enhance defense, and remediate any incidents and vulnerabilities detected within the enclave boundaries.
- The necessary measures and procedures are implemented to control access to information, ensure access by authorized users, and prevent access to network services and operating systems by those who should not, in accordance with the principle of "need to know". Access to need to know information”.
- Communications systems and the internal network are protected by perimeter security elements such as firewalls and network intrusion detection systems (IDS), deployed at the site: the border of the enclave (WAN), the internal enclave and key points of the res, as required.
- The continuity of the Mission is guaranteed, and business functions are always operational within the deadlines established by the company.
- Security risk assessments of Hispasat's systems, providing mechanisms to reduce threats that may jeopardize the fulfillment of operational requirements.
- Physical security measures are established and maintained to prevent unauthorized access, theft, damage or circumstances that endanger people or assets or cause business interruption.
- The human team of the Hispasat GROUP has the necessary means, training and information to protect the information assets used in its daily operations, and the treatment of said information for different purposes is forbidden.
In this same context, the users of the information stored and processed in their information systems within the Hispasat GROUP's satellite control environment commit themselves to:
- Promote efficient use of information systems, avoiding unnecessary traffic on the network and following the guidelines established by the Group.
- Custody of the assets in their possession for the performance of their contractual duties.
- Not to disclose or directly use the information to which they have access during their working relationship with GRUPO Hispasat. All commitments must be maintained, even after termination of the employment relationship with the company.
- Ensure that all employees and third partiesin their area of responsibility, understand their responsibilities and are suitable to carry out the functions assigned to them, in order to reduce the risk of theft, fraud or misuse of the resources placed at their disposal.
- Prevent any type of unauthorized physical access. and security measures shall be taken to avoid loss, damage, theft or circumstances that endanger the assets or may cause the interruption of GROUP Hispasat's activities.
- Reefficient use of networks and and e-mail, preserving the confidentiality and integrity of the information transmitted through these media.
- Control access to the organization's information systems of the organization so that it is only performed by authorized personnel and under the security conditions that the organization has decided to operate.
- Record and report any security security incidents of which they become aware.
- Avoid any type of non-compliance with laws, regulations or legal, regulatory or contractual obligations and security requirements affecting the ISMS.
Hispasat also maintains guidelines on:
- Mobile Devices, designed to avoid compromising the security of information in the use of mobile devices, in the event of theft or loss of the devices or an intrusion to the same.
- Access Control, developed to manage the correct access of employees to company information.
- Cryptographic controls established to ensure secure access through information protection measures.
- Clear workstation and clean screen designed to prevent unauthorized access to the organization's information.
- Information Exchange defined to protect the exchange of information with third parties and prevent the interception of information distributed by the company.
- Supplier relations developed to establish organizational guidelines to mitigate risks associated with third parties.
- Compliance with safety to ensure that all safety procedures within the areas of responsibility are properly performed in order to comply with safety policies and standards and any other applicable safety requirements.
Finally, in the area of Social Responsibility Hispasat is committed to comply with the Social Responsibility Principles established by the ISO 26000 standard:
- Accountability according to which Hispasat has the duty to apply transparency for its impact on society, the economy and the environment and the actions taken.
- Transparency The company provides all information that may be required by interested parties in simple language and accessible formats.
- Respect for stakeholders' interests and promotion of ethical behavior based on the values of honesty, fairness and integrity.
- Respect for stakeholder interests.
- Compliance with the principle of legality The company's members are informed of the applicable laws and regulations so that they can take them into account in their daily activities.
- Respect for international regulations with regard to Social Responsibility.
- With respect to rights, promoting the provisions of the Universal Charter of Human Rights.
The above guidelines and commitments are specified and developed through the Integrated Management System that the Management is committed to establish according to certain standards oriented towards the Models of Excellence, all based on people management, process management and continuous improvement of processes and the Integrated Management System; ensuring its effectiveness and efficiency in the development of professional activities.
Integrated Management Policy