1. Introduction

Ibérica Semiconductores de Potencia, S.L. has an Information Security Policy that establishes a shared framework that guides socially responsible behaviour within the company. Therefore, the main objective of this Policy is to maintain the maximum levels of computer security with its interest groups, in coherence with the company's strategy, as well as to establish responsibilities and specific monitoring tools to ensure compliance.

2. Scope of Application

The Information Security Policy applies to all departments of Ibérica Semiconductores de Potencia, S.L., regardless of the activity or the country where they are established. Likewise, the knowledge and application of this policy will be promoted by those people or companies that work with Ibérica Semiconductores de Potencia, S.L.

3. Commitments and Guiding Principles

• 1. Information must always be protected, regardless of how it is shared, communicated or stored.
• Introduction:
  • Information can exist in various formats: printed or written on paper, stored electronically, transmitted by mail or electronic means, displayed in projections or orally in conversations.
  • Information security is the protection of information against a wide range of threats in order to ensure business continuity, minimise business risks and maximise return on investments and business opportunities.
• Scope:
  • This policy supports the organisation's overall Information Security Management System policy.
  • This policy is for consideration by all members of the organisation.
• Information Security Objectives:
  • Understanding and treating operational and strategic risks in information security so that they remain at acceptable levels for the organisation.
  • Protection of the confidentiality of information related to clients and development plans.
  • Preservation of the integrity of accounting records.
  • Publicly accessible Web services and internal networks meet the required availability specifications.
  • Understanding and covering the needs of all interested parties.
• Information Security Principles:
  • This organisation embraces risk-taking and tolerates those risks that, based on the information available, are understandable, controlled and dealt with when necessary.
  • All personnel will be informed and responsible for the security of information, as relevant to the performance of their work.
  • Financing will be available for the operational management of controls related to information security and the management processes for their implementation and maintenance.
  • Those possibilities of fraud related to the abusive use of information systems will be taken into account within the overall management of information systems.
  • Regular reports will be made available with information regarding the security situation.
  • Information security risks will be monitored and relevant measures will be adopted when there are changes that entail an unacceptable level of risk.
  • Situations that may expose the organisation to the violation of laws and legal regulations will not be tolerated.
• Responsibilities:
  • The management team is responsible for ensuring that information security is appropriately managed throughout the organisation.
  • Each manager is responsible for ensuring that people working under their direction protect information in accordance with standards established by the organisation.
  • The internal or external security manager advises the management team, provides specialised support to the organisation's staff and ensures that information security status reports are available.
  • Each staff member has the responsibility to maintain information security within their work- related activities.
• Key Indicators:
  • Information security incidents will not result in serious and unexpected costs, or serious disruption of services and business activities.
  • Customer acceptance of products or services will not be adversely affected by information security issues.
• Related Policies: Below are those policies that provide principles and guidance on specific aspects of information security:
  • Physical Access Control Policy.
  • Workplace Cleaning Policy.
  • Unauthorised Software Policy.
  • File Download Policy (external / internal network).
  • Backup Policy.
  • Information Exchange Policy with Other Organisations.
  • Use of Messaging Services Policy.
  • Use of Network Services Policy.
  • Remote Working Policy.
  • Use of Cryptographic Controls Policy.
  • Software License Use Policy.
  • Data Protection and Privacy Policy.
• The Information Security Policy must be supported by procedures on specific topics, such as:
  • Access control.
  • Physical and environmental security.
  • Clean desktop and clear screen.
  • The transfer of information.
  • Mobile devices and remote working.
  • Restrictions on software installation and use.
  • Backup.
  • Protection against malware.
  • The management of technical vulnerabilities.
  • Cryptographic controls.
  • Security communications.
  • Privacy and protection of personally identifiable information.
• Approval

  This Ibérica Semiconductores de Potencia, S.L. Information Security Policy has been approved by the Board of Directors of Ibérica Semiconductores de Potencia, S.L., on 15 January 2023.