{"id":1766,"date":"2026-05-20T13:09:59","date_gmt":"2026-05-20T13:09:59","guid":{"rendered":"https:\/\/atalisfunding.com\/security-policy\/"},"modified":"2026-05-20T13:20:40","modified_gmt":"2026-05-20T13:20:40","slug":"security-policy","status":"publish","type":"page","link":"https:\/\/atalisfunding.com\/en\/security-policy\/","title":{"rendered":"Security policy"},"content":{"rendered":"[vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; row_position_desktop=&#8221;default&#8221; row_position_tablet=&#8221;inherit&#8221; row_position_phone=&#8221;inherit&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; flex_gap_desktop=&#8221;10px&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text css=&#8221;&#8221; text_direction=&#8221;default&#8221;]\n<p aria-level=\"1\"><b><span data-contrast=\"auto\">INTRODUCTION<\/span><\/b><span data-ccp-props=\"{\"134245418\":true,\"335551550\":6,\"335551620\":6,\"335559738\":240,\"335559739\":240}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">Atalis Funding relies on ICT (Information and Communications Technology) systems to achieve its business objectives. These systems must be managed diligently, taking appropriate measures to protect them against accidental or deliberate damage that may affect the availability, integrity or confidentiality of the information processed or the services provided.   <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">The objective of information security is to guarantee the quality of information and the continuous provision of services, acting preventively, monitoring daily activity and reacting promptly to incidents.  <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">ICT systems must be protected against rapidly evolving threats that have the potential to impact the confidentiality, integrity, availability, intended use and value of information and services. To defend against these threats, a strategy that adapts to changing environmental conditions is required to ensure the continued delivery of services. This implies that departments must implement the minimum security measures required by the National Security Scheme, as well as continuously monitor service delivery levels, track and analyze reported vulnerabilities, and prepare an effective response to incidents to ensure the continuity of the services provided.    <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">The different departments must ensure that ICT security is an integral part of every stage of the system&#8217;s life cycle, from its conception to its decommissioning, through development or procurement decisions and operational activities. Security requirements and funding needs should be identified and included in planning, request for bids, and bidding documents for ICT projects.   <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">Departments must be prepared to prevent, detect, react and recover from incidents, in accordance with Article 7 of the ENS.<\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p aria-level=\"2\"><b><span data-contrast=\"auto\">PREVENTION<\/span><\/b><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559738\":120,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">Departments must avoid, or at least prevent as far as possible, information or services from being impaired by security incidents. To this end, departments must implement the minimum security measures determined by the ENS, as well as any additional controls identified through a threat and risk assessment. These controls, and the security roles and responsibilities of all personnel, must be clearly defined and documented.  <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">To ensure compliance with the policy, departments must:<\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Authorize systems before going into operation.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Regularly evaluate security, including evaluations of configuration changes made on a routine basis.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<p aria-level=\"2\"><b><span data-contrast=\"auto\">DETECTION<\/span><\/b><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559738\":120,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">Since services can degrade rapidly due to incidents, ranging from a simple slowdown to stoppage, the services must monitor the operation on a continuous basis to detect anomalies in service delivery levels and act accordingly as established in Article 9 of the ENS.  <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">Monitoring is especially relevant when establishing lines of defense in accordance with Article 8 of the ENS. Detection, analysis and reporting mechanisms shall be established that reach those responsible regularly and when there is a significant deviation from the parameters that have been pre-established as normal. <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p aria-level=\"2\"><b><span data-contrast=\"auto\">ANSWER<\/span><\/b><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559738\":120,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">Departments must:  <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"4\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Establish mechanisms to respond effectively to security incidents.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"4\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Designate point of contact for communications regarding incidents detected in other departments or other agencies.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"4\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Establish protocols for the exchange of information related to the incident. This includes two-way communications with Emergency Response Teams (CERTs). <\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<p aria-level=\"1\"><b><span data-contrast=\"auto\">SCOPE<\/span><\/b><span data-ccp-props=\"{\"134245418\":true,\"335551550\":6,\"335551620\":6,\"335559738\":240,\"335559739\":240}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">This policy applies to all Atalis Funding ICT systems, as well as to all Atalis Funding members, without exception.<\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p aria-level=\"1\"><b><span data-contrast=\"auto\">MISSION<\/span><\/b><span data-ccp-props=\"{\"134245418\":true,\"335551550\":6,\"335551620\":6,\"335559738\":240,\"335559739\":240}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">In response to a new technological environment where the convergence between computing and communications are facilitating a new paradigm of productivity for companies, Atalis Funding, is highly committed to maintain the promotion of research projects, technological development and innovation, in a quality environment, where the development of good practices in Information Security is essential to achieve the objectives of confidentiality, integrity, availability and legality of all information managed. Consequently, Atalis Funding, defines the following application principles to be taken into account in the framework of the Information Security Management System (ISMS): <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">The Management of Atalis Funding , understands its duty to ensure the security of information as an essential element for the proper performance of Atalis Funding services, and, therefore, supports the following objectives and principles:<\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<ol>\n<li><span data-contrast=\"auto\">Implement the value of Information Security across Atalis Funding.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":0,\"335559740\":276}\"> <\/span><\/li>\n<li><span data-contrast=\"auto\">To contribute, each and every person at Atalis Funding, to the protection of Information Security.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":0,\"335559740\":276}\"> <\/span><\/li>\n<li><span data-contrast=\"auto\">To preserve the confidentiality, integrity, availability and resilience of the information, with the objective of guaranteeing that the legal and regulatory requirements, and those of our clients, related to the security of the information are met; and specifically with regard to personal data:<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":0,\"335559740\":276}\"> <\/span><\/li>\n<li><span data-contrast=\"auto\">The data will be processed in a lawful, fair and transparent manner in relation to the data subject (lawfulness, fairness and transparency).<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":0,\"335559740\":276}\"> <\/span><\/li>\n<li><span data-contrast=\"auto\">They shall be collected for specified, explicit and legitimate purposes and shall not be further processed in a manner incompatible with those purposes (Purpose limitation).<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":0,\"335559740\":276}\"> <\/span><\/li>\n<li><span data-contrast=\"auto\">The data will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (Data minimization).<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":0,\"335559740\":276}\"> <\/span><\/li>\n<li><span data-contrast=\"auto\">The data shall be accurate and, if necessary, kept up to date; all reasonable steps shall be taken to ensure that personal data that are inaccurate with respect to the purposes for which they are processed are promptly deleted or rectified (Accuracy).<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":0,\"335559740\":276}\"> <\/span><\/li>\n<li><span data-contrast=\"auto\">Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be kept for longer periods provided that they are processed exclusively for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes (Limitation of the retention period).<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":0,\"335559740\":276}\"> <\/span><\/li>\n<li><span data-contrast=\"auto\">Processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, through the implementation of appropriate technical or organizational measures (Integrity and confidentiality).<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":0,\"335559740\":276}\"> <\/span><\/li>\n<li><span data-contrast=\"auto\">To protect Atalis Funding&#8217;s information assets from threats, whether internal or external, deliberate or accidental, in order to guarantee the continuity of the service offered to our clients and the security of the information.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":0,\"335559740\":276}\"> <\/span><\/li>\n<li><span data-contrast=\"auto\">Establish an information security plan that integrates activities to prevent and minimize the risk of security incidents based on the risk management criteria established by Atalis Funding.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":0,\"335559740\":276}\"> <\/span><\/li>\n<li><span data-contrast=\"auto\">Provide the necessary means to be able to carry out the pertinent actions for the management of the identified risks.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":0,\"335559740\":276}\"> <\/span><\/li>\n<li><span data-contrast=\"auto\">Assume responsibility for information security awareness and training as a means of ensuring compliance with this policy.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":0,\"335559740\":276}\"> <\/span><\/li>\n<li><span data-contrast=\"auto\">Extend our commitment to information security to our employees and suppliers.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":0,\"335559740\":276}\"> <\/span><\/li>\n<li><span data-contrast=\"auto\">Continuously improve security by establishing and regularly monitoring information security objectives.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":0,\"335559740\":276}\"> <\/span><\/li>\n<\/ol>\n<p><span data-contrast=\"auto\">This Policy will be maintained, updated and appropriate for Atalis Funding&#8217;s purposes, aligned with Atalis Funding&#8217;s risk management context. To this end, it will be reviewed at planned intervals or whenever significant changes occur, in order to ensure that its suitability, adequacy and effectiveness are maintained. <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">Similarly, to manage the risks faced by Atalis Funding, a formally defined risk assessment procedure is established. In turn, all policies and procedures included in the ISMS will be reviewed, approved and promoted by Atalis Funding Management. <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p aria-level=\"1\"><b><span data-contrast=\"auto\">REGULATORY FRAMEWORK<\/span><\/b><span data-ccp-props=\"{\"134245418\":true,\"335551550\":6,\"335551620\":6,\"335559738\":240,\"335559739\":240}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">Atalis Funding&#8217;s management ensures that externally sourced documentation that is relevant to the operation of the company is known to the company&#8217;s employees who need it and is kept up to date and available at all times.<\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">For this purpose, the means defined in this document and the procedures that develop it are used.<\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p aria-level=\"2\"><b><span data-contrast=\"auto\">Reference documents<\/span><\/b><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559738\":120,\"335559739\":120}\"> <\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"8\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">National Security Scheme<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"7\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><a href=\"https:\/\/www.ccn-cert.cni.es\/series-ccn-stic\/800-guia-esquema-nacional-de-seguridad\/501-ccn-stic-801-responsibilidades-y-funciones-en-el-ens\/file.html\"><span data-contrast=\"none\">CCN-STIC-801 Guide<\/span><\/a><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"7\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><a href=\"https:\/\/legitec.sharepoint.com\/:w:\/s\/AtalisfundingENS\/IQDuw_4gvVEDQqn2JdnxinecATETGPnGYn7YHcPGgzE8ixs?e=SKiqeq\"><span data-contrast=\"none\">CCN Guidelines, Abstracts, CoCENS and Regulations applicable to the Organization.docx<\/span><\/a><span data-ccp-props=\"{\"201341983\":0,\"335551550\":1,\"335551620\":1,\"335559739\":0,\"335559740\":276}\"> <\/span><\/li>\n<\/ul>\n<p aria-level=\"1\"><b><span data-contrast=\"auto\">SECURITY ORGANIZATION<\/span><\/b><span data-ccp-props=\"{\"134245418\":true,\"335551550\":6,\"335551620\":6,\"335559738\":240,\"335559739\":240}\"> <\/span><\/p>\n<p aria-level=\"2\"><b><span data-contrast=\"auto\">Committees, roles and responsibilities<\/span><\/b><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559738\":120,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">A safety committee has been established:<\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"10\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">General Management<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"10\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Security Manager<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"10\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Responsible for systems<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"10\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Data Protection Officer<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"10\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><span data-contrast=\"auto\">Responsible for the information<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"10\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"6\" data-aria-level=\"1\"><span data-contrast=\"auto\">Responsible for the service<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">This safety committee has the following functions and responsibilities:<\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"9\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Address management and systems concerns.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"9\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Obtain a snapshot of the state of information security.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"9\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Promote the continuous improvement of the ISMS.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"9\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Elaborate the evolution strategy<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"9\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><span data-contrast=\"auto\">Review the Policy, Regulations and procedures at least annually.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"9\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"6\" data-aria-level=\"1\"><span data-contrast=\"auto\">Pass the training requirements<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"9\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"7\" data-aria-level=\"1\"><span data-contrast=\"auto\">Prioritize actions<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"9\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"8\" data-aria-level=\"1\"><span data-contrast=\"auto\">Promote the performance of ISMS and technical audits.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"9\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"9\" data-aria-level=\"1\"><span data-contrast=\"auto\">Check that Information Security is present in all projects.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<p aria-level=\"2\"><b><span data-contrast=\"auto\">ROLES: FUNCTIONS AND RESPONSIBILITIES<\/span><\/b><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559738\":120,\"335559739\":120}\"> <\/span><\/p>\n<p aria-level=\"3\"><b><span data-contrast=\"auto\">Executive Management<\/span><\/b><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559738\":120,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">Participates in the development of objectives and measurements. Approves policies. Approves ISMS management reviews. Validates the conclusions of system audits.     <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">The executive management establishes Atalis Funding&#8217;s organization chart which contains more functions and roles than those specified here. In this policy we detail those responsible for information security. <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p aria-level=\"3\"><b><span data-contrast=\"auto\">Security Manager<\/span><\/b><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559738\":120,\"335559739\":120}\"> <\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"30\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Promote the security of the information handled and the electronic services provided by the information systems, with the responsibility and authority to ensure that the Information Security Management System complies with the requirements of the National Security Scheme.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"29\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Overseeing compliance with this Policy, its rules, derived procedures and the security configuration of the systems.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"28\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Establish adequate and effective security measures to comply with the security requirements established by the Service and Information Managers, following at all times the requirements of Annex II of the ENS, declaring the applicability of such measures.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"27\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Promote security awareness and training activities in their area of responsibility.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"26\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Coordinate and monitor the implementation of ENS compliance projects, in collaboration with the Systems Manager.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"25\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">To carry out, with the collaboration of the System Manager, the mandatory risk analysis, to select the safeguards to be implemented and to review the risk management process. Likewise, together with the System Manager, accept the residual risks calculated in the risk analysis. <\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"24\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Promote periodic audits to verify compliance with information security obligations and analyze the audit reports, drawing up the conclusions to be presented to the System Manager so that the appropriate corrective measures can be adopted.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"23\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Coordinate the Security Management process, in collaboration with the Systems Manager.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"22\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Determine the category of the system according to the procedure described in Annex I of the ENS and the security measures to be applied in accordance with the provisions of Annex II of the ENS.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"21\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Verify that security measures are adequate for the protection of information and services.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<p aria-level=\"3\"><b><span data-contrast=\"auto\">Responsible for the system<\/span><\/b><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559738\":120,\"335559739\":120}\"> <\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"20\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Develop, operate and maintain the information system throughout its life cycle, from its specifications, installation and verification of its correct functioning.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"19\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Ensure that specific security measures are properly integrated into the overall security framework.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"18\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Conduct exercises and tests on existing security operating procedures and continuity plans.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"18\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Implement the necessary measures to ensure the security of the system throughout its life cycle, in agreement with the Security Manager.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"11\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">To carry out, in collaboration with the Security Manager, the mandatory risk analysis, to select the safeguards to be implemented and to review the risk management process. Likewise, together with the Security Manager, accept the residual risks calculated in the risk analysis. <\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"12\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Prepare, in collaboration with the Security Manager, the third level security documentation (STIC Operating Procedures and STIC Technical Instructions).<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"13\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">The application of safety operating procedures.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"13\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Ensure that the established security controls are strictly adhered to, as well as ensuring that the approved procedures for managing the information system are applied.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"14\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Monitor hardware and software installations, modifications and upgrades to ensure that security is not compromised and that at all times they are in compliance with the relevant authorizations.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"15\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Monitor the security status of the system provided by the security event management tools and technical auditing mechanisms implemented in the system.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"16\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Report any anomalies, compromises or vulnerabilities related to security to their respective managers.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"17\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Collaborate in the investigation and resolution of security incidents, from detection to resolution.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<p aria-level=\"3\"><b><span data-contrast=\"auto\">Data Protection Officer<\/span><\/b><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559738\":120,\"335559739\":120}\"> <\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"31\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Inform and advise the data controller and its employees of their obligations in relation to the GDPR and other data protection provisions.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"31\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Monitor compliance with the provisions of this Regulation, other Union or Member State data protection provisions and the controller&#8217;s or processor&#8217;s policies on the protection of personal data, including the allocation of responsibilities, awareness-raising and training of staff involved in processing operations, and related audits.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"31\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Provide advice as requested on the data protection impact assessment and monitor its implementation in accordance with Article 35.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"31\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Cooperate with the supervisory authority.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"31\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><span data-contrast=\"auto\">Act as a contact point for the supervisory authority for matters relating to processing, including the prior consultation referred to in Article 36, and consult, as appropriate, on any other matter.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<p aria-level=\"3\"><b><span data-contrast=\"auto\">Responsible for the service<\/span><\/b><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559738\":120,\"335559739\":120}\"> <\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"32\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Establish the security requirements of the service, including interoperability, accessibility and availability requirements.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"32\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Determine the security levels of the service, in agreement with the Security Manager and the System Manager.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"32\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Maintain the security of the information handled and the services provided by the information systems in its area of responsibility.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<p aria-level=\"3\"><b><span data-contrast=\"auto\">Responsible for the information<\/span><\/b><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559738\":120,\"335559739\":120}\"> <\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"33\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Ensure the proper use of information and, therefore, its protection.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"33\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Establish security information requirements.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"33\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Determine the security levels of the information processed, assessing the consequences of a negative impact.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<p aria-level=\"3\"><b><span data-contrast=\"auto\">Users and employees<\/span><\/b><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559738\":120,\"335559739\":120}\"> <\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"34\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Comply with the information security policy and complementary rules, procedures and instructions.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"34\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">To protect and safeguard the company&#8217;s information, preventing its disclosure, external release, modification, accidental or unauthorized deletion or destruction, or misuse, regardless of the medium or means by which it was accessed or known.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"-\" data-font=\"Calibri\" data-listid=\"34\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Calibri\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"-\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Know and apply the Information Security Policy, the Information Systems Usage Rules and all other applicable policies, standards, procedures and security measures.<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<p aria-level=\"2\"><span data-contrast=\"auto\">Any conflict or discrepancy that may arise between those responsible for information security, and which cannot be resolved by mutual agreement, shall be submitted to the organization&#8217;s management, whose decision shall be binding and shall be duly documented.  <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559738\":120,\"335559739\":120}\"> <\/span><\/p>\n<p aria-level=\"2\"><b><span data-contrast=\"auto\">APPOINTMENT PROCEDURES<\/span><\/b><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559738\":120,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">Atalis Funding&#8217;s management is responsible for making appointments to designate roles and responsibilities for information security, as well as establishing the necessary committees to ensure compliance with this policy. These appointments and internal structures will remain in internal documents. <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p aria-level=\"2\"><b><span data-contrast=\"auto\">INFORMATION SECURITY POLICY<\/span><\/b><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559738\":120,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">The Security Committee shall be responsible for the annual review of this Information Security Policy and for proposing its revision or maintenance. The Policy shall be approved by the Security Committee and disseminated so that all affected parties are aware of it. <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p aria-level=\"1\"><b><span data-contrast=\"auto\">RISK MANAGEMENT<\/span><\/b><span data-ccp-props=\"{\"134245418\":true,\"335551550\":6,\"335551620\":6,\"335559738\":240,\"335559739\":240}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">All systems subject to this Policy shall perform a risk analysis, assessing the threats and risks to which they are exposed. This analysis shall be repeated: <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Regularly, at least once a year<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">When the information handled changes  <\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">When the services provided change<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">When a serious security incident occurs<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{\"335552541\":1,\"335559685\":720,\"335559991\":360,\"469769226\":\"Symbol\",\"469769242\":[8226],\"469777803\":\"left\",\"469777804\":\"\uf0b7\",\"469777815\":\"hybridMultilevel\"}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><span data-contrast=\"auto\">When serious vulnerabilities are reported<\/span><span data-ccp-props=\"{\"201341983\":0,\"335551550\":6,\"335551620\":6,\"335559739\":160,\"335559740\":259}\"> <\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">In order to harmonize risk analyses, the ICT Security Committee will establish a reference assessment for the different types of information handled and the different services provided. The ITC Security Committee will boost the availability of resources to meet the security needs of the different systems, promoting investments of a horizontal nature. <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p aria-level=\"1\"><b><span data-contrast=\"auto\">DEVELOPMENT OF THE INFORMATION SECURITY POLICY  <\/span><\/b><span data-ccp-props=\"{\"134245418\":true,\"335551550\":6,\"335551620\":6,\"335559738\":240,\"335559739\":240}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">This Policy will be developed by means of security regulations that will address specific aspects in the operation of Atalis Funding&#8217;s IT users. The security policy will be available to all members of Atalis Funding on a need-to-know basis, in particular to those who use, operate or administer information and communications systems. <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">The information security policy will be available on the following website<\/span><span data-contrast=\"none\"> <\/span><a href=\"https:\/\/atalisfunding.com\/es\/\"><span data-contrast=\"none\">Grants Database &#8211; Atalis Funding &#8211;<\/span><\/a><span data-contrast=\"none\"> <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":0}\"> <\/span><\/p>\n<p><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p aria-level=\"1\"><b><span data-contrast=\"auto\">STAFF OBLIGATIONS  <\/span><\/b><span data-ccp-props=\"{\"134245418\":true,\"335551550\":6,\"335551620\":6,\"335559738\":240,\"335559739\":240}\"> <\/span><\/p>\n<p><b><span data-contrast=\"auto\">All members of Atalis Funding have the obligation to know and comply with this Information Security Policy and the Security Regulations.<\/span><\/b><span data-contrast=\"auto\">It is the responsibility of the Security Committee to provide the necessary means to ensure that the information reaches those affected. <\/span> <span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">All Atalis Funding members will attend an ICT security awareness session at least once a year. An ongoing awareness program will be established to serve all Atalis Funding members, particularly new members.   <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">Persons with responsibility for the use, operation or administration of systems shall receive training in the safe operation of the systems to the extent that they need it to perform their work. Training shall be mandatory prior to assuming a responsibility, whether it is their first assignment or a change of job or job responsibilities. <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p aria-level=\"1\"><b><span data-contrast=\"auto\">THIRD PARTIES<\/span><\/b><span data-ccp-props=\"{\"134245418\":true,\"335551550\":6,\"335551620\":6,\"335559738\":240,\"335559739\":240}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">When Atalis Funding provides services to other organizations or handles information from other organizations, they will be made aware of this Information Security Policy, channels will be established for reporting and coordination of the respective Security Committees and procedures will be established to react to security incidents.  <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">When Atalis Funding uses third party services or provides information to third parties, they will be made aware of this Security Policy and the Security Regulations pertaining to such services or information. Such third party will be subject to the obligations set forth in such regulations, and may develop its own operating procedures to satisfy them. Specific incident reporting and resolution procedures shall be established. It shall be ensured that the personnel of third parties are adequately security-aware, at least to the same level as that established in this Policy.     <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span><\/p>\n<p><span data-contrast=\"auto\">Where any aspect of the Policy cannot be satisfied by a third party as required in the preceding paragraphs, a report from the Security Officer will be required which sets out the risks involved and how they will be addressed. Approval of this report will be required from those responsible for the information and services concerned before proceeding further. <\/span><span data-ccp-props=\"{\"335551550\":6,\"335551620\":6,\"335559739\":120}\"> <\/span>[\/vc_column_text][\/vc_column][\/vc_row]\n","protected":false},"excerpt":{"rendered":"<p>[vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; row_position_desktop=&#8221;default&#8221; row_position_tablet=&#8221;inherit&#8221; row_position_phone=&#8221;inherit&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; flex_gap_desktop=&#8221;10px&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221;&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-1766","page","type-page","status-publish"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.2 (Yoast SEO v26.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Security policy - Atalis Funding<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/atalisfunding.com\/en\/security-policy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security policy\" \/>\n<meta property=\"og:description\" content=\"[vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; row_position_desktop=&#8221;default&#8221; row_position_tablet=&#8221;inherit&#8221; row_position_phone=&#8221;inherit&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; flex_gap_desktop=&#8221;10px&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221;...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/atalisfunding.com\/en\/security-policy\/\" \/>\n<meta property=\"og:site_name\" content=\"Atalis Funding\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-20T13:20:40+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@atalisfunding\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"15 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/atalisfunding.com\/en\/security-policy\/\",\"url\":\"https:\/\/atalisfunding.com\/en\/security-policy\/\",\"name\":\"Security policy - Atalis Funding\",\"isPartOf\":{\"@id\":\"https:\/\/atalisfunding.com\/en\/#website\"},\"datePublished\":\"2026-05-20T13:09:59+00:00\",\"dateModified\":\"2026-05-20T13:20:40+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/atalisfunding.com\/en\/security-policy\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/atalisfunding.com\/en\/security-policy\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/atalisfunding.com\/en\/security-policy\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/atalisfunding.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/atalisfunding.com\/en\/#website\",\"url\":\"https:\/\/atalisfunding.com\/en\/\",\"name\":\"Atalis Funding\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/atalisfunding.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/atalisfunding.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/atalisfunding.com\/en\/#organization\",\"name\":\"Atalis Funding\",\"url\":\"https:\/\/atalisfunding.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/atalisfunding.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/atalisfunding.com\/wp-content\/uploads\/2025\/12\/logo-atalis.svg\",\"contentUrl\":\"https:\/\/atalisfunding.com\/wp-content\/uploads\/2025\/12\/logo-atalis.svg\",\"width\":1347,\"height\":241,\"caption\":\"Atalis Funding\"},\"image\":{\"@id\":\"https:\/\/atalisfunding.com\/en\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/atalisfunding\",\"https:\/\/bsky.app\/profile\/atalisfunding.bsky.social\",\"https:\/\/www.linkedin.com\/company\/atalis-funding\/\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Security policy - Atalis Funding","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/atalisfunding.com\/en\/security-policy\/","og_locale":"en_US","og_type":"article","og_title":"Security policy","og_description":"[vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; row_position_desktop=&#8221;default&#8221; row_position_tablet=&#8221;inherit&#8221; row_position_phone=&#8221;inherit&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; flex_gap_desktop=&#8221;10px&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221;...","og_url":"https:\/\/atalisfunding.com\/en\/security-policy\/","og_site_name":"Atalis Funding","article_modified_time":"2026-05-20T13:20:40+00:00","twitter_card":"summary_large_image","twitter_site":"@atalisfunding","twitter_misc":{"Est. reading time":"15 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/atalisfunding.com\/en\/security-policy\/","url":"https:\/\/atalisfunding.com\/en\/security-policy\/","name":"Security policy - Atalis Funding","isPartOf":{"@id":"https:\/\/atalisfunding.com\/en\/#website"},"datePublished":"2026-05-20T13:09:59+00:00","dateModified":"2026-05-20T13:20:40+00:00","breadcrumb":{"@id":"https:\/\/atalisfunding.com\/en\/security-policy\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/atalisfunding.com\/en\/security-policy\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/atalisfunding.com\/en\/security-policy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/atalisfunding.com\/en\/"},{"@type":"ListItem","position":2,"name":"Security policy"}]},{"@type":"WebSite","@id":"https:\/\/atalisfunding.com\/en\/#website","url":"https:\/\/atalisfunding.com\/en\/","name":"Atalis Funding","description":"","publisher":{"@id":"https:\/\/atalisfunding.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/atalisfunding.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/atalisfunding.com\/en\/#organization","name":"Atalis Funding","url":"https:\/\/atalisfunding.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/atalisfunding.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/atalisfunding.com\/wp-content\/uploads\/2025\/12\/logo-atalis.svg","contentUrl":"https:\/\/atalisfunding.com\/wp-content\/uploads\/2025\/12\/logo-atalis.svg","width":1347,"height":241,"caption":"Atalis Funding"},"image":{"@id":"https:\/\/atalisfunding.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/atalisfunding","https:\/\/bsky.app\/profile\/atalisfunding.bsky.social","https:\/\/www.linkedin.com\/company\/atalis-funding\/"]}]}},"_links":{"self":[{"href":"https:\/\/atalisfunding.com\/en\/wp-json\/wp\/v2\/pages\/1766","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/atalisfunding.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/atalisfunding.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/atalisfunding.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/atalisfunding.com\/en\/wp-json\/wp\/v2\/comments?post=1766"}],"version-history":[{"count":2,"href":"https:\/\/atalisfunding.com\/en\/wp-json\/wp\/v2\/pages\/1766\/revisions"}],"predecessor-version":[{"id":1768,"href":"https:\/\/atalisfunding.com\/en\/wp-json\/wp\/v2\/pages\/1766\/revisions\/1768"}],"wp:attachment":[{"href":"https:\/\/atalisfunding.com\/en\/wp-json\/wp\/v2\/media?parent=1766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}