Information security

Information Security Policy

The BMAT executive accepts the ISO 27001 standard as a framework within which to establish an information security management system, governed by this information security policy.

By means of this policy, all staff and internal and external collaborators charged with managing BMAT assets agree to:

  • comply with the information security requirements defined in the aforementioned management system, along with both legal and contractual requirements, and
  • improve in a continuous manner the information security management system.

The  general objectives of the BMAT information security management system are to:

  • implement a course of preventative action to prevent data or services from being put at risk due to breaches of security, by putting into effect the security measures relevant to the threats and risks identified,
  • monitor the operation of services in a continuous manner, to detect anomalies in the availability and/or performance of the services,
  • define effective response mechanisms to deal with security breaches,
  • develop service continuity plans to guarantee the availability of critical services in case of serious security breaches.

BMAT staff are equipped with the resources and training necessary to ensure compliance with this policy, adapting constantly to new technologies by means of continuous access to relevant information and training.

It is the responsibility of all BMAT staff to guarantee the confidentiality, integrity, and availability of the assets managed by the information security management.