Information Security Policy

GM TECHNOLOGY, a company dedicated to imports, exports, leasing, renting, technical service and sales of new and used office machines, consumables and spares, office material and reprography services, has decided to implement a Management System for Information Security based on ISO 27001 standard, in order to preserve the confidentiality, integrity and availability of information, protect this information from a large variety of threats and ensure the continuity of business lines, minimize damages and maximize the returns on investments as well as business opportunities and a continuous improvement.

GM TECHNOLOGY Management Department is aware that the information is a highly valuable asset for the Company and thus requires adequate protection.

The following aspects are established by GM TECHNOLOGY’s Management Department as baseline objectives, starting point, and as support of these objectives and principles of information security:

  • Protection of data of personal nature and privacy of individuals.
  • Safeguarding of company records.
  • Protection of intellectual property rights.
  • Documentation of information security policy.
  • Allocation of security responsibilities.
  • Training and qualification for information security.
  • Record of security incidences.
  • Management of the continuity of business lines.
  • Management of changes that could be generated within the company concerning security.

GM TECHNOLOGY Management Department undertakes the following commitments by developing and implementing the above mentioned Management System for Information Security:

  • Developing products and services in compliance with legal requirements, by identifying applicable regulations designed for business lines developed by the company and included in the scope of the Management System for Information Security.
  • Establishing and complying with contract requirements with the interested parties. Defining the requirements on the training of aspects concerning security issues and providing the required training of this subject to interested parties by establishing learning programs.
  • Preventing and identifying viruses and other malware by developing specific policies and establishing contractual agreements with specialized organizations.
  • Management of business continuity by developing continuity plans in compliance with internationally renowned methodologies.
  • Consideration of consequences involved by violations of the security policy, which will appear in contracts signed with interested parties, suppliers and subcontractors.
  • Work under the strictest professional ethics at all times.

This policy provides the reference framework to continuously improve the Management System for Information Security as well as to establish and revise its objectives. This policy shall be communicated to the company by the document manager installed and shall also appear on notice boards, being reviewed annually for its adequacy and, exceptionally, when specific situations and/or substantial changes may arise in the Management System for Information Security, which shall also be made publicly available.