Vip District’s management, aware of the importance of good information security management for its business and customer satisfaction, has an Information Security and Privacy Management System according to ISO-27001.
Vip District recognizes the importance of protecting the confidentiality, integrity and availability of information, avoiding loss, disclosure, modification and unauthorized use of all information, including personal data, so it is committed to develop, implement, maintain and continuously improve the MANAGEMENT SYSTEM.
Therefore, Vip District offers a secure environment where access to information is exclusive to authorized persons, the information is complete without manipulation and is available.
The information security policy is applicable to all the functionalities of the system offered to our customers.
Management is responsible for:
- Ensure that information security is properly managed throughout the organization.
- To guarantee the privacy and the exercise of the rights of the interested parties.
- Periodically establish objectives on Information Security management, and the necessary actions for its development.
- Establish the risk analysis system, assessing the impact and threats.
- Implement the necessary actions to reduce the identified risks that are considered unacceptable, according to the criteria established by the Safety Committee.
- Implement the necessary controls and their corresponding monitoring methods.
- Comply with VIP DISTRICT’s legal, regulatory, customer, PII owner, and contractual security obligations.
- To guarantee each Client and PII owners that their information will be processed in accordance with the fundamental requirements of confidentiality, integrity and availability.
- Promote awareness and training in Information Security and Privacy to all VIP DISTRICT personnel.
- Provide the necessary resources to guarantee the continuity of the company’s business.
Due to the continuous evolution and intrinsic changes of the information systems and the complexity of the organization, the information security policy will be reviewed annually or whenever there are significant changes in the applicable regulations, in order to ensure that its suitability, adequacy and effectiveness are maintained.