The objective of information security management is to provide confidentiality, integrity and availability of the organization’s assets. Through the guidelines and directives that seek to promote and regulate adequate and responsible employment for the proper use and care of information technology resources among workers, and third parties within the organization; by communicating the measures and forms that they must comply with and use to protect the components of the computer systems of ZOLUXIONES BPO S.A.C.
– ZOLUXIONES BPO S.A.C., must verify that the information security policies are defined, implemented, reviewed and updated periodically.
– The Information Security Policy is mandatory for all internal and external personnel of ZOLUXIONES BPO S.A.C., regardless of the area to which they are assigned and the level of the tasks they perform.
– The User Service Center is responsible for knowing, complying with and enforcing the current Information Security Policy.
01. Asset Management
- The asset management policy provides the guidelines for the proper use of all the IT assets that ZOLUXIONES BPO S.A.C. provides all authorized personnel for the development of their daily activities. In this sense, ZOLUXIONES BPO S.A.C., has the right to control the proper use of its computer resources and may carry out all the control or inspection activities that it deems appropriate. The personnel who make use of these assets are obliged to provide and facilitate these activities. These resources remain the responsibility of the user during the time of permanence or provision of services in the company.
- In the event that users detect unfavorable conditions or risks for the conservation of computer assets, they must report it to USC through the established communication channels.
02. Protection of Information Resources
- The user of a computer service offered by the organization is responsible for the information that this service generates and processes.
- Every user is responsible for the protection of information, he must ensure that the information is protected to ensure the integrity and confidentiality according to its classification. The information may be available digitally, in print, magnetic, optical, or any other medium.
- All users must make use of the information to which they have access only for purposes related to the fulfillment of their functions, having to protect mainly that related to personal data, refraining from communicating them to third parties without the express consent of the person concerned.
- Not obtain or provide information belonging to the organization or its users, without proper authorization; not disclose security codes such as passwords or other people’s codes.
- The information storage repository assigned by the company will be used so that every user who is in the physical facilities of ZOLUXIONES BPO SAC, can store the information, document and keep the storage carried out updated, and define which users must have permissions of access to information according to their functions and competences.
- All users who make use of information classified as restricted or confidential will avoid being accessed by unauthorized persons, and must ensure the identity of the person who is given the information.
- ZOLUXIONES BPO SAC, may, at its discretion, limit, restrict or cancel access to internal or external computer networks, without giving prior notice in case of detecting any risk in the security of the information, it will take the pertinent measures, labor and legal, to sanction those who violate the proper use of the information.
- Each user is responsible for the security and integrity of the information stored on the assigned computer equipment (desktop / laptop / mobile device) and must take due precautions in order to guarantee that the computers are protected against theft or access by unauthorized persons inside and outside the facilities of ZOLUXIONES BPO SAC
- Access to physical and / or digital information by an external provider will be in accordance with the operational guidelines that are under the management of the USC in order to safeguard the information from third parties.
03. Use of Computer Networks
- ZOLUXIONES BPO S.A.C., has a firewall or perimeter security device for the Internet connection of internal users and third parties that require access to the network where the corresponding access and permission profiles will be established.
- It is not allowed to access the internet for purposes other than those of the service provision activities within the organization.
- It is expressly forbidden to download, use, exchange and / or install unauthorized software, information and / or products, which in any way violate the legal and institutional regime on intellectual property.
- Do not download, use, exchange and / or install files that contain malicious code or hacking tools.
- Do not use tools that compromise the availability, performance and confidentiality of data transported over the network.
- Each one of the users will be responsible for giving proper use of computer networks (in the organization, in the client, in their home), which may not be used to carry out illicit or malicious practices that threaten third parties, the public order, good customs, current legislation or the organization’s internal regulations.
04. Access Control of Facilities and Infraestructure
- ZOLUXIONES BPO S.A.C., has an access control system to its facilities through a fingerprint identifier that restricts access to authorized personnel.
- ZOLUXIONES BPO SAC, has a restricted access environment and properly conditioned with uninterruptible power supply (UPS), air conditioning system, smoke detection system and adequate ventilation, for all its servers, communication equipment and Data components. Center, which are duly identified and labeled with the corresponding inventory code, with the exception of the equipment that belongs to the Internet service provider that is in rental and / or loan quality.
05. Use of Accounts and Access
- Any person who requires access to the organization’s computer services will require a user account and password or another means of authentication. The user account and password must be assigned by USC.
- Accounts, passwords and other types of authorizations are assigned to each user and should not be shared with other people, each user being the responsibility of their use and confidentiality.
- Users are responsible for the use they give to their account, and must maintain the integrity of their personal passwords and immediately notify the User Service Center if they suspect that their password has been copied or exposed.
- Users should change their passwords frequently, at least once every 90 calendar days or when they suspect their disclosure. The password must be at least 8 alphanumeric characters long and easy to remember.
- Access to all wireless networks of ZOLUXIONES BPO S.A.C., are restricted with an access password, which must be requested from the USC each time it is required to authorize a connection in the company network.
- Zoluxiones, has established the necessary mechanisms to record all relevant events in the management of company information. We conveniently record who accesses our information, when, how and for what purpose.
- SThe permissions granted to users within the organization are periodically reviewed if they are adequate or not to carry out their tasks.
- At Zoluxiones, the assignment, authorization, revocation of permissions and elimination of accounts, both for user registrations and cancellations, follow the security operating guidelines managed by USC to assign or revoke permits and access to our systems and facilities.
06. Use of Email
- Every authorized user in Zoluxiones will have a mailbox according to the type of service they have within the organization, for the processing of information within the workplace.
- The email accounts that are generated will be created based on the service needs of each business unit. It is the responsibility of every email user in the organization to notify USC of any suspected unauthorized use of their account.
- The email address of ZOLUXIONES BPO S.A.C. is for the exclusive use of authorized personnel. It should be used only to carry out activities related to their functions. The use of email for spamming, chain mail, marketing, religious, political propaganda, aggressive and illegal acts and any other content not appropriate for the recipient is prohibited.
- All instant messaging service must be used for the development of activities concerning the development of the functions that have been entrusted to it; where each person is responsible for the proper use of this service.
07. Proper Media Management
- The devices that are in operation, the people or departments responsible, the information contained in them and their classification based on the degree of criticality for the business will be monitored.
- Monitoring of the devices that store the backup copies of this data will be carried out. The frequency of copies, restoration and testing of the same according to operating procedures.
- In all the computer equipment of the organization, only the installation of software with current licensing is allowed, whether for free or commercial use. The USC area is empowered to advise on the installation of any required software.
- Any user who needs to acquire software may request support from USC, who will verify the technical requirements and complete licensing, and obtain a copy of this license for safekeeping. Any user who installs software without current or malicious licensing on the organization’s computer equipment, is solely responsible for the consequences that this entails.
- All historical information of any service or resource within the organization is treated in accordance with the security guidelines regarding the process of secure erasure and information backup, which includes the frequency of their performance, legal or contractual commitments. acquired and the term of custody of the asset.
- The communication channels that ZOLUXIONES BPO S.A.C., makes available to users to attend to service requests in the event of incidents, failures or new computer requirements are provided from the User Service Center (USC):
- Email: firstname.lastname@example.org
- Mobile Phone and WhatsApp: +51 962 386 375 / +51 940 486 733