Information Security Policy
Deister Software SL, Deister Consulting SA, Deister Tech Services SLU, Deister SA, and Deister Cloud SL (hereinafter DEISTER) is a group of companies whose main activity is the design and development of ERP solutions in both On-Premise and SaaS modalities. To achieve this, it upholds values that it considers essential for reaching its objectives, such as the preservation of information and personal data—both its own and that of other stakeholders—and the professional and personal development of all its team members.
Because of the nature of our activity, DEISTER is aware that information is a highly valuable asset for our organization and therefore requires proper protection and management in order to ensure the continuity of our business operations and minimize potential damage caused by breaches of the integrity, availability, and confidentiality of information.
Therefore, the management of DEISTER, through the development and implementation of this Information Security Management System, undertakes the following commitments:
⦿ To develop solutions and services that comply with legislative requirements, identifying the applicable legislation for the business lines developed by the organization and included within the scope of the ISMS (Information Security Management System).

⦿ To establish and comply with contractual requirements with stakeholders.

⦿ To provide information security training and awareness programs for all employees and other stakeholders.

⦿ To prevent and detect any viruses and other malicious software, through the development of specific policies and the establishment of contractual agreements with specialized organizations.

⦿ To conduct information security risk assessments to identify and implement controls to mitigate the impact of identified risks.

⦿ To develop and maintain business continuity and disaster recovery plans.

⦿ To establish the consequences of violations of the security policy, which will be reflected in contracts signed with stakeholders, suppliers, and subcontractors.

⦿ To promote a culture of continuous improvement in information security management and implement improvements based on incident analysis, audits, and periodic reviews.

⦿ To act at all times within the highest standards of professional ethics.

⦿ To ensure that access to and use of information systems is performed securely and in accordance with established policies.

⦿ To maintain the brand’s reputation regarding data security.

⦿ To manage the information lifecycle properly, in order to prevent improper use during any of its phases.

⦿ The organization’s staff will participate in the management of incidents related to services and information security management, with the aim of restoring normal service operation levels as quickly as possible and minimizing the adverse impacts of such incidents on the organization.

⦿ To ensure the protection of intellectual property rights.

⦿ To periodically establish a set of objectives and indicators that allow management to adequately monitor service levels and management activities.

⦿ Top management commits to providing the necessary resources to maintain and improve the Information Security Management System (ISMS).