Security policy

Aquí tienes una traducción profesional y natural al inglés para poner directamente en la versión EN de la página:

INFORMATION SECURITY POLICY

THIRTEEN PRODUCTIONS SL is a video production company specialized in the automotive sector, dedicated to creating photo and video content for different clients.

THIRTEEN PRODUCTIONS SL has implemented an Information Security Management System whose objective is to achieve the expected customer satisfaction through established processes based on continuous improvement, ensuring the continuity of information systems, minimizing risks, and guaranteeing compliance with established objectives in order to ensure at all times the confidentiality, integrity, and availability of information.

To this end, we assume our commitment to information security according to the reference standards:

TISAX, for which Management establishes the following principles:

  • Competence and leadership by Management as a commitment to developing the Information Security Management System.
  • Establish objectives and goals focused on evaluating security performance, as well as continuous improvement in the activities regulated within the Information Security Management System.
  • Comply with the requirements of applicable legislation, commitments acquired with clients and interested parties, and all internal rules or operational guidelines adopted by the company.
  • Ensure the confidentiality of managed data, as well as the integrity and availability of information systems and information assets, both in customer services and internal management, avoiding unauthorized modifications to information.
  • Ensure the ability to respond to emergency situations, restoring critical services in the shortest possible time.
  • Establish appropriate measures for the treatment of risks derived from the identification and evaluation of assets.
  • Guarantee continuous analysis of all relevant processes, establishing appropriate improvements in each case according to obtained results and defined objectives.

To achieve these general objectives, the Management of the company assumes a firm commitment to optimizing its information security policy based on the following factors:

  • Risk Prevention: Establish the necessary guidelines and resources regarding risk prevention with the main objective of eliminating or mitigating risks.
  • Commitment to Environmental Protection: Reduce and prevent environmental impacts generated by our activities, products, or services.
  • Legal Requirements: Understand legal requirements and other requirements specified by our clients as a minimum set of obligations to be fulfilled.
  • Awareness and Communication: Promote and disseminate information security improvements. Effective communication of these policies is essential to ensure compliance and the protection of information assets.
  • Stakeholder Collaboration: Joint participation with suppliers to improve information security.
  • Training: Continuous training of our staff in technical knowledge and skills, encouraging participation and commitment to this policy, system improvement, and information security.
  • Monitoring: Establish indicators at all levels that allow evidence-based decision making.
  • Continuous Improvement: Establish and periodically review objectives and goals that provide a framework for the continuous improvement of processes and sustainable development.
  • Analysis: Analyze and evaluate any deviations related to information security and establish the necessary corrective actions and improvement opportunities.
  • Integrated System: Participatory involvement of all organizational groups at every level, being aware of their contribution to the system objectives and the consequences of non-compliance.

Consequences of Non-Compliance: Failure to comply with information security policies may have serious consequences for the organization and its staff. Violations of these policies will be treated with the utmost seriousness and may result in disciplinary measures ranging from warnings to termination of employment, depending on the severity of the infringement. Furthermore, if non-compliance leads to legal consequences, employees may face civil or criminal sanctions.

Periodic Policy Reviews: In order to ensure that our information security policies remain updated and effective, annual reviews will be carried out. These reviews will consider regulatory changes, the evolution of security threats, and modifications to the organization’s strategy. Whenever necessary, policies will be adjusted to reflect new realities and ensure continuous alignment with industry best practices.

These principles are assumed by Management, which provides the necessary means and resources to ensure compliance, making them publicly available through this Information Security Policy.

Back To Top