Skip to main content

Information Security Policy

Information Security is a permanent, dynamic, and planned activity that is part of Epidata’s overall objectives.

All employees, collaborators, and third parties, regardless of their level within Epidata, adopt all necessary preventive measures to prevent security risks related to the information generated, stored, transmitted, and processed by Epidata.

The management of Epidata considers that the achievement of its objectives is subject to compliance with the following requirements aimed at ensuring information security within Epidata:

  • Confidentiality: ensuring that information is only known to authorized individuals.
  • Integrity: ensuring the protection of information against alteration, loss, or destruction, whether accidental or fraudulent.
  • Availability: ensuring that information can be accessed and used in the required form and time.

To achieve this, various practices are established for the protection and management of technological resources to prevent potential threats, both internal and external, whether deliberate or accidental. These practices are supported by adequate risk management, through which specific information security controls are implemented and managed. The implemented security controls align with those defined in the organization’s “statement of applicability,” by the requirements of the IRAM-ISO/IEC 27001:2015 standard, in which Epidata has been certified since 2020.

In this way, Information Security is considered an important factor in Epidata, and for this purpose, this Policy establishes the following guidelines:

  • This document is accessible to all members of Epidata, as well as external personnel related to any of its processes.
  • Information is accessible only to duly authorized individuals, whether or not they belong to Epidata.
  • Epidata complies with all applicable legal, regulatory, and statutory requirements, as well as contractual requirements.
  • All Epidata personnel have adequate training and awareness in information security matters.
  • Any incident or weakness that may compromise or have compromised the confidentiality, integrity, and/or availability of information is recorded and analyzed to apply the corresponding corrective and/or preventive measures.
  • The responsible parties for quality processes, as well as Epidata’s management, are responsible for implementing, maintaining, and improving this policy, as well as ensuring its effective compliance.