The purpose of this document is to establish the guidelines that allow and guide the standards of behavior related to information security, adequate to the needs of the company and its assets and individuals, on the part of our employees, customers, suppliers, service providers, and partners. Also, guide the definition of specific information security standards and procedures, as well as the implementation of controls and processes to meet them.
This document constitutes a formal statement by Latitude.sh about its commitment to the protection of information owned by it or in its custody and must be observed by all involved, directly or indirectly. Based on the pillars of confidentiality, integrity and availability, Latitude.sh is committed to seeking innovation in methodologies for increasing and maintaining information security, with a focus on customer satisfaction and compliance with legal, contractual and regulatory requirements. Latitude.sh's information security objectives were structured and established according to the guidelines contained in this policy. It is the responsibility of everyone involved, directly or indirectly in Latitude.sh's SGSI:
Acknowledge the documents and guidelines made available for carrying out the activities involved in daily work, following the guidelines contained in these procedures;
Request assistance from managers and superiors when doubts arise about the information security risks involved;
Maintain the confidentiality of information, procedures and processes developed at Latitude.sh;
Ensure availability to our customers and partners with our 24/7 support and service;
Ensure the integrity of contracted products and services;
Access the information you are allowed to;
Sign and respect the confidentiality agreement;
Ensure the equipment and materials made available to carry out their work;
Ensure the documents and any others, of a confidential order, not leaving them in sight or under any risk of possession by an unauthorized person;
Communicate Latitude.sh's Senior Management of any violation of information security principles, breach of policy or security standards.