EL RANCHITO, as a company dedicated to the production and realization of visual effects for film, television, advertising and other audiovisual formats, with a large presence in the domestic and international market, openly expresses its intention to offer services with a level of security that ensures the protection of information, so that all its customers can use it with the maximum confidence.
Accordingly, the Management of EL RANCHITO has defined and implemented an Information Security Management System [ISMS] that enables the company to ensure that the information systems and information that is created, collected, stored and processed complies with:
- Security in Human Resource Management, before, during and after employment.
- Appropriate asset management involving classification of information and handling of media.
- The establishment of robust logical access control to your systems and applications, managing user permissions and privileges.
- The protection of facilities and the physical environment, through the design of secure work areas and the security of equipment.
- Ensuring the security of operations by protecting against malicious software, backing up, logging and monitoring, monitoring software in operation, managing technical vulnerabilities and choosing appropriate techniques for auditing systems.
- Communications security, protecting networks and information exchange.
- Ensuring security in the acquisition and maintenance of information systems, limiting and managing change.
- The realization of secure software development, separating development and production environments, and performing appropriate functional acceptance testing.
- Controlling relations with suppliers, contractually demanding compliance with the relevant security measures and acceptable levels in the provision of their services.
- Effectiveness in the management of security incidents, establishing the appropriate channels for notification, response and timely learning.
- The implementation of a business continuity plan that protects the availability of services during a crisis or disaster.
- Identification of and compliance with applicable regulations, with special emphasis on intellectual property and personal data protection.
- Review of current information security requirements to ensure compliance and effectiveness.
These principles are assumed by the company management, which provides the necessary means and provides its employees with sufficient resources to comply with them, by plasming them and making them public through this Information Security Policy.
Madrid, 11 January 2021