Information security policy

The Information Security Policy of APL, S.A. forms a common basis for all its organizational units, allowing the adoption of organizational security standards and of effective practices regarding information security management and also providing confidence in the communications and interorganizational relations in the company, in order to obtain a correct performance of the information systems security that support its business processes.

Our Information Security Policy describes the general principles that should be applied by the company’s functional areas to the information assets managed by it, assuming the following commitments:

  • Establish a strategy and plans for the development of the information security, assessing the results achieved, to ensure their effectiveness and continuous improvement.
  • Implement and maintain mechanisms and procedures that ensure the adequate integrity, confidentiality and availability of information in its information systems, the management of its business and the satisfaction of its clients’ needs, in order to maintain the credibility and confidence of APL, S.A.
  • Ensure a periodic assessment of the information systems risk exposure and develop mitigation plans and corrective measures.
  • Implement and maintain mechanisms and procedures aimed at ensuring the physical safeguarding of its information systems and of the information they contain, as well as guaranteeing disaster recovery and business continuity.
  • Comply with applicable legislation and regulation regarding the use and security of information systems.
  • Ensure the existence of mechanisms for reporting security breaches by users and procedures for their analysis and resolution.
  • Apply the best internationally recognized IT security practices and standards and ensure compliance by all partners and parties involved in the design, development, acquisition and maintenance of APL, S.A.'s information systems.
  • Promote the supervision and monitoring of entities that participate in the information systems used by APL, S.A., regarding compliance with requirements and with established procedures as well as the achievement of planned results, aiming at a continuous quality improvement.
  • Be known by all employees who use the information processing resources owned or controlled by APL, S.A., with each one being responsible for its compliance.
  • Be followed by all employees of APL, S.A. when using information processing resources in the course of their activities, who must act in accordance with the Information Security Policy and with the other documents related to the Information and Data Management System of APL, S.A.

APL, S.A. is committed to adopt the best practices for the information security management, using the ISO 27001 standard as a reference. 


Last update: December 5, 2019