THE COCKTAIL is aware of and assumes its commitment to information security according to the reference standards ISO 27001 and RD 311/2022 Medium category.
The management of THE COCKTAIL establishes the following principles:
- The information is protected against unauthorized access.
- It complies with applicable legal requirements.
- Business requirements regarding information security and information systems are met.
- The Security Committee assesses the information assets it has THE COCKTAIL from which the risk analysis and subsequently the risk management will be derived. Both the analysis and the risk management will be reviewed annually by the Management, which will decide whether to carry out a new risk analysis and management. The risks to be treated will be reflected in the Risk Treatment Plan.
- Security incidents are reported and treated appropriately.
- Procedures are established to comply with the Security Policy.
- The Security Manager will be in charge of maintaining this policy, the management manual, the procedures and providing support in their implementation. In addition to supervising and verifying compliance with the Risk Treatment Plan that corresponds to each year.
- Each employee is responsible for complying with this Policy and its procedures as applicable to his or her job.
- It is the policy of THE COCKTAIL to implement, maintain and monitor the ISMS.
- THE COCKTAIL is committed to the continuous improvement of the Management System. To do this, it is based on policies, objectives, results of internal audits, data analysis, corrective and preventive actions and review by management to facilitate continuous improvement.
These principles are assumed by the management of THE COCKTAIL, who has the necessary means and provides its employees with sufficient resources for compliance, and expresses them and makes them publicly known through this Information Security Policy.
Policy approved by The Cocktail Group Management.
In Madrid, on September 26, 2023.