Information security policy
Due to the importance of information systems, Neo Group implements through its management the following fundamental principles of security of information.
Due to the importance of information systems, Neo Group implements through its management the following fundamental principles of security of information.
All information systems shall comply with any applicable law, regulation and business’ industry requirements, that affect information security, especially those related to the protection of personal data, IT systems, data, electronic communications and services
Risks must be minimised to acceptable levels and security controls must be adequate and coherent with the nature of the information. Security’s objectives must be established, reviewed, and be consistent with information security requirements.
Training programs and awareness campaigns shall be organised for all users with access to information, in connection with the field of information security.
Assets security risk must be managed by seeking a balance between security measures, the nature of the information and the risk.
All employees of Neo are responsible for their conduct and actions regarding information security and must comply with the established rules and controls.
The degree of effectiveness of the security controls implemented in the organisation will be reviewed periodically to ensure the capacity to adapt them to the constant evolution of risk and the technological environment and context of the organisation.
Consistent with the responsibility assumed and convinced that information security management is essential for the future and excellence of the organisation, Neo team management is committed to provide the necessary resources to comply with this policy.
In accordance with this policy, security objectives are established at all levels, monitoring the degree of compliance, so that we can measure the improvement.
Neo team management periodically reviews the Information Security Management System (ISMS) with the commitment to ensure the correct and effective development, continuous improvement, and that it adapts to new applicable legal, regulatory and business requirements.
Approved: February 2021