MAXAM Cybersecurity and Information Security Policy
The Management of MAXAM commit to establish the criteria, processes and guidelines to ensure the confidentiality, integrity and availability of the information and associated systems, in accordance with the needs, requirements and strategies of the business, maintaining a balance between the resources available for this purpose and the levels of acceptable risk.
Regulatory compliance
MAXAM is committed to strict compliance with the rules and legal requirements that, in matters of critical infrastructure, information security or privacy, are applicable wherever its activity takes place.
MAXAM will always collaborate with the authorities in matters of critical infrastructure, cybersecurity and privacy, when required.
Risks management
MAXAM enhances prevention, detection, reaction, analysis, recovery and response capabilities against threats, providing the technologies and mechanisms that allow this management in an agile way.
In accordance with the principle of Security by Default, those responsible in MAXAM for new projects or developments will carry out an analysis of the risks, considering the confidentiality, integrity, availability of information, and processing of personal data in order to protect reputation, avoid fraud, compromise the production and operations of the company, or the security and privacy of employees, customers and suppliers.
Likewise, on a regular basis, MAXAM conducts drills to verify its crisis management capabilities in order to preserve business continuity.
Management model and continuous improvement
This Policy is developed through the functions, responsibilities and governance bodies defined for this purpose, and an Information Security and Cybersecurity Regulatory Body, a set of procedures and instructions whose compliance is mandatory in MAXAM.
MAXAM establishes its Information Security and Cybersecurity management system, to achieve the sustained development of its information security capabilities, incorporating best practices, new technological trends, as well as the necessary work procedures, aligned with the strategic plans of the company and with the context in which it operates.
Information systems life cycle
The information security and cybersecurity requirements must be considered from the design, development and throughout the life cycle of the applications and associated systems, whether they belong to the information systems environment or to the industrial control systems environment (ICS) of MAXAM, either self-developed or solutions acquired from third parties. This applies to all phases: requirements and feasibility analysis, design, construction, testing, implementation, acceptance, subsequent maintenance and phase of removal and destruction.
To guarantee the success of this responsibility assigned to the IT Department, either through internal or external audit, MAXAM periodically evaluates the status of cybersecurity, paying special attention to the systems and / or services considered critical.
Awareness and commitment of employees, customers and suppliers
MAXAM is aware that information security, cybersecurity and privacy concern us all, the human factor being key.
MAXAM provides, in a continuous and updated way, depending on the evolution of the threats and risks detected, the necessary information, awareness and training to employees, customers, suppliers, contractors and collaborators, in the field of information security, cybersecurity and privacy, especially those related to the responsibilities in the treatment of classified, confidential or sensitive information.
MAXAM requires its employees to strictly observe the procedures, norms and instructions that derive from these Principles, making available always the appropriate information and advice for the fulfillment of such obligation.
Regarding the supply chain, and through an adapted evaluation process, MAXAM will require its Critical Suppliers to comply with adequate standards in terms of information security and cybersecurity, depending on the potential impact for the company or for the privacy of the data.
For further details about the security measures that MAXAM considers under this policy please contact: gdpr@maxamcorp.com