Objective
Information is a fundamental asset for the companies within the Mr. Houston Group. Therefore, we are committed to ensuring its confidentiality, integrity, and availability, aligning our practices with international security standards, particularly the ISO/IEC 27001 standard.
Scope
This policy applies to all employees, contractors, suppliers, and any other stakeholders who have access to Mr. Houston’s information and systems, regardless of their location or format.
Goals and Commitment
The management, on behalf of the companies within the Mr. Houston Group, is committed to achieving the following general objectives:
- Ensure the security of information by safeguarding its confidentiality, integrity, and availability.
- Promote a culture of responsibility in information security, encouraging continuous awareness and training.
- Comply with legal, regulatory, and contractual requirements related to information security, personal data protection, intellectual property protection, and any other relevant regulations.
- Adopt standards and best practices in information security.
- Design, implement, and maintain a suitable Information Security Management System (ISMS).
- Establish and periodically review these information security objectives, aligning them with the organization’s purpose, strategy, identified threats, and the fundamental principles of information security outlined in this policy.
- Ensure the oversight and monitoring of compliance with these information security objectives.
- Provide the organization with the necessary resources (technological, human, and financial) to ensure the protection of information.
- Continuously and diligently identify, assess, and address risks to which the organization is exposed.
- Work on self-assessment and continuous improvement, identifying opportunities to optimize information security.
Fundamental Principles of Information Security
In all actions and decisions related to information security, the Mr. Houston Group will be guided by the following fundamental principles:
– Information Protection: Ensuring the confidentiality, integrity, and availability of information.
– Legal and Regulatory Compliance: Guaranteeing adherence to applicable regulations and requirements.
– Risk Management: Identifying, assessing, and mitigating potential threats and vulnerabilities to protect information assets.
– Training and Awareness: Promoting active responsibility among all collaborators through awareness programs.
– Continuous Improvement: Optimizing processes, tools, and security measures to respond to Mr. Houston’s context.
Dissemination and Communication
This policy will be communicated and made publicly available to all stakeholders, both internal and external to the organization.
The document will be published through appropriate channels, such as the organization’s public website, to ensure access for stakeholders, and through the corporate intranet and internal document management system to facilitate access for internal personnel.
Responsibilities
– The management of the Mr. Houston Group is responsible for defining, disseminating, promoting, and overseeing this policy, as well as ensuring that the necessary resources are allocated for its proper implementation.
– The Cybersecurity Coordination Committee (CCC) is a multidisciplinary body responsible for supervising, advising on, and ensuring the implementation and updating of, and compliance with, the organization’s Security Plan, aligned with standards such as ISO 27001. It manages risks and coordinates responses to critical incidents.
– The organization’s Cybersecurity Officer is responsible for implementing, overseeing, and improving the ISMS, coordinating security initiatives, and managing information-related incidents.
– The IT Technical Team at Mr. Houston is responsible for providing the technical means necessary to ensure the operation of the ISMS.
– All employees and collaborators are required to comply with this policy and the regulations derived from it. They are responsible for safeguarding information security in their daily activities and must report any security incidents through the channels established by the organization as soon as they become aware of them.
Review and Approval
This policy will be periodically reviewed and updated according to the organization’s needs and changes in the environment.
Approved by the Mr. Houston Management Committee on January 22, 2025.