Security policy

Security Policy Statement

NexTReT depends on ICT (Information and Communications Technology) Systems to achieve its objectives.

These systems must be managed diligently, taking the appropriate measures to protect them against accidental or deliberate damage that may affect the availability, integrity, confidentiality, authenticity and traceability of the information processed or the services provided.

The objective of information security is to guarantee the quality of information and the continued provision of services, acting preventively, supervising daily activity and reacting promptly to incidents.

To defend against these threats, a strategy that adapts to changes in environmental conditions is required to ensure the continuous provision of services. This implies that the departments have to apply the security measures required by the National Security Scheme and ISO 27001, as well as carry out continuous monitoring of service provision levels, monitor, analyze and correct reported vulnerabilities, and prepare a effective response to incidents to guarantee the continuity of the services provided.

For all this, there is an information security management system (SGSI) based on ISO 27001 and the National Security Scheme that follows a cycle of continuous improvement.

NexTReT Security Policy Basics

  • Establish secure areas for critical or confidential information systems.

  • Authorize the systems before going into operation.

  • Regularly assess security, including assessments of configuration changes made routinely.

  • Request periodic review by third parties in order to obtain an independent evaluation.

  • Establish intrusion detection systems at the network level.

  • Establish intrusion detection systems at the system level.

  • Establish mechanisms to respond effectively to security incidents.

  • Designate a point of contact for communications regarding incidents detected in other departments or in other agencies.

  • Establish protocols for the exchange of information related to the incident. This includes two-way communications with Emergency Response Teams (CERT).

  • Develop continuity plans for ICT systems.

  • Comply with all applicable legal requirements.

You can view the security policy by clicking here.

You can download the document for obtaining the ENS High Category certificate (CCN-CERT) by clicking here.

Last revision date: 19/10/2022