Information Security
Management System
Policy

Version: 02

Intertec International is a global trademark name company; with offices located throughout the United States, United Kingdom, and a Nearshore Technology Center in Costa Rica. Intertec Consulting, LLC, and its subsidiaries, including Micra Consulting International, Ltd., its Costa Rica entity, is collectively referred as “Intertec International”.

1. OBJECTIVE

The aim of this high-level Policy is to define the purpose, direction, principles and basic rules for information security management of Intertec International. Intertec International is the registered trademark name of Micra Consulting, Ltda., in Costa Rica.

2. SCOPE

This Policy is applied to the entire Information Security Management System (ISMS), as defined in the ISMS Scope Document.

Users of this document are all employees of Intertec International.

This policy also applies to information resources owned by others, such as contractors of the Company or those information resources of Intertec’s clients while in Intertec’s custody.

3. DEFINITIONS

Availability: characteristic of the information by which it can be accessed by authorized persons when it is needed.

Confidentiality: characteristic of the information by which it is available only to authorized persons or systems.

Integrity: characteristic of the information by which it is changed only by authorized persons or systems in an allowed way.

Information Security: preservation of confidentiality, integrity and availability of information.

Information Security Management System: part of overall management processes that takes care of planning, implementing, maintaining, reviewing, and improving the information security of Intertec International.

Policy: A policy is a general commitment, direction, or intention and is formally stated by executive management. A policy statement should express executive management's commitment to the implementation and improvement of its ISMS management system and should allow managers to set objectives.

4. RESPONSIBILITIES

Responsibilities for the ISMS are the following:

  • Executive Vice President & General Counsel: Executive Management’s representative in management of ISMS and must establish and approve this policy.
  • Human Resource Manager: implement information security training and awareness programs for employees; responsible for communicating this policy to the Intertec International personnel through online sessions and/or emails.
  • Shared Service Manager: responsible for adopting and implementing the Training and Awareness Plan, which applies to vendors who have a role in information security management.
  • Intertec International Personnel: responsible for understanding this policy and fulfilling all its requirements.
  • ISMS Manager: responsible to have this policy as documented information available to interested parties, as appropriate.
  • Chief Information Security Officer: responsible for ensuring that the ISMS is implemented and maintained according to this Policy.

5. POLICY DESCRIPTION


5.1 EXECUTIVE MANAGEMENT COMMITMENT

Intertec International provides technical solutions to global companies in multiple disciplines and technologies to a variety of industries. Information security is a fundamental pillar of our organization.

Commitment to information security extends to executive levels of Intertec International and will be demonstrated through this ISMS Policy and the provision of appropriate resources to provide and develop the ISMS and associated controls.

Executive management will also ensure that a systematic review of performance of the program is conducted on a regular basis to ensure that ISMS objectives are being met and information security issues are identified through the audit program, management processes and reviews.

We are committed through our Information Security Management System to:

  • Preserve the confidentiality of the information, ensuring that only authorized people have access
  • Integrity: ensuring that the information and their content are precise and complete
  • Availability: ensuring that the users have access to the information and information assets when required

5.2 FRAMEWORK FOR SETTING OBJECTIVES

An annual cycle will be used for the setting of objectives for information security, to coincide with the budget planning cycle. This will ensure that adequate funding is obtained for the improvement activities identified. These objectives will be based upon a clear understanding of the business requirements, informed by the management review.

ISMS objectives will be documented for the relevant financial year, together with details of how they will be achieved. These will be reviewed on a quarterly basis to ensure that they remain valid. If amendments are required, these will be managed through the change management process.


5.3 APPLICABLE REQUIREMENTS RELATED TO THE INFORMATION SECURITY

Intertec International has the responsibility to abide by and adhere to information security legal obligations as well as a variety of internal, regulatory and contractual requirements.


5.4 CONTINUAL IMPROVEMENT OF ISMS

All Intertec International personnel are committed to continual improvement. Appropriate measurement of the ongoing effectiveness is established and helps to ensure continual improvement of related security controls.


5.5 COMMUNICATION

This policy is communicated with employees through internal awareness sessions and is available for interested parties through the Intertec International web page.