Security Policy

Introduction

At Prometeo, we recognize the critical importance of leading the region's financial infrastructure space in information security and data protection. We continuously strive to maintain and enhance our privileged position by implementing cutting-edge security practices.

By prioritizing security, we not only protect our valuable assets and data but also build trust among stakeholders, reinforcing our reputation as a reliable, trustworthy partner within the industry.

Objective

The primary goal of the General Information Security Policy is to safeguard the integrity, confidentiality, and availability of Prometeo’s critical information assets. This policy aims to establish a robust framework that ensures protection against internal and external threats while mitigating risks associated with information management.

Scope

This policy applies to all employees, suppliers, and third parties interacting with the company’s information systems. It covers all information assets, including but not limited to data, systems, networks, and processes related to business operations.

Policy Development

Aligned with our commitment to continuous improvement within our Information Security Management System (ISMS), we are dedicated to ensuring a secure environment for our operations that complies with all applicable information security requirements. To achieve this, we adhere to the following principles:

Setting Objectives

Define annual information security objectives and develop and update an action plan to achieve them.

Risk Assessment and Treatment

Develop a security risk assessment and treatment process, implementing corrective and preventive actions as needed based on the outcomes.

Incident Management

Maintain a security incident management policy in line with CERTuy guidelines. Additionally, all personnel must report confirmed or suspected security violations according to established procedures.

Ensuring Operational Continuity

Establish measures to ensure continuity of operations and critical processes, developing continuity and disaster recovery plans that align with the tolerance for interruption during adverse events.

Information Classification and Protection

Classify and label information following current regulations based on Prometeo's value and importance criteria.

Generate, store, and transfer information internally and externally, upholding the principles of confidentiality and integrity, and ensuring information protection in transit, processing, and storage.

Implement appropriate cryptographic mechanisms based on information classification to mitigate associated risks.

Legal and Contractual Compliance

Comply with service, legal, or regulatory requirements, and contractual security obligations.

Supplier Management

Maintain an ongoing supplier management process, requiring adherence to this policy’s principles and associated procedures to protect organizational information.

Security-Centric Organizational Culture

Promote an information security-oriented organizational culture. Engage and commit management to disseminate, consolidate, and enforce the policy.

Threat and Vulnerability Management

Manage vulnerabilities in our products and services by releasing updates, patches, and recommendations. Extend this management to security threats and vulnerabilities across our environment, including our internal systems.

Policy Communication

We will communicate our Security Policy to all interested parties. It must be integrated into our organizational culture through dissemination within our security awareness and training plan. Furthermore, this policy will be publicly available to all interested parties.

Continuous Improvement

We aim to focus on continuous improvement within our Information Security Management System (ISMS), implementing a cycle that includes regular process reviews, identifying areas for improvement, and executing corrective and preventive actions.

Through this approach, we commit to maintaining our leadership in financial infrastructure development, prioritizing information security and data protection. We will continue to enhance our customer experience, ensuring compliance with legal requirements and relevant regulations while innovating our products and services without compromising stability, security, or user experience.

With this mission, we will continue building an open, secure, and interconnected financial ecosystem.

2024 Prometeo Open Banking
Contact: +598 9672 6320