INFORMATION SECURITY


Proposal


COSCO SHIPPING Ports (Spain) Terminals, SLU has adopted this Information Security Policy (the ‘Policy’) as a means to protect the confidentiality, integrity and availability of its corporate information, as well as any information that is stored, processed or transmitted.


Scope


This Policy applies to all employees and staff subcontracted by COSCO SHIPPING Ports (Spain) Terminals, SLU or subsidiary of COSCO SHIPPING Ports (Spain) Terminals, SLU who access, process or store corporate data.


Policy


Commitment of COSCO SHIPPING Ports (Spain) Terminals, S.L.U.

CSP Spain is aware of the importance of the security of information for the company, in order to achieve protection of the assets, business continuity, regulatory compliance and an optimal degree of competitiveness in the current market.

For this reason, CSP Spain has written the present Information Security Policy and the pertinent standards and directives that ensure the confidentiality, integrity and availability of information.

CSP Spain senior management has sought to define the most suitable policies and procedures so that CSP Spain undertakes an improvement process of information security with the certainty that this will lead to greater efficacy and guarantee its business processes.

This information security policy is included in the Information Security Management System implemented at CSP Spain, which represents a commitment by CSP Spain senior management with regard to the existence of a continuous improvement process that guarantees the proper running and development of the company in the scope of information security. It also ensures compliance with the requirements applicable in this area.

The final aim of this document is to provide our clients with better service, to protect sensitive and personal information, to be aligned with the group’s policies and to improve our processes.

Due to the above, CSP Spain senior management wants to expressly set on record its knowledge and approval of the policies set out in this document, so that all personnel should know them and take them on as part of their job functions.

In order for this to be possible, the resources and tools necessary to ensure what is established herein effectively takes place will be assigned both at the beginning and in its future maintenance.


Information Security Policy

Throughout its life cycle, all corporate information will be protected in the way that CSP Spain deems reasonable and appropriate, depending on its level of sensitivity, value and criticality. That is why this Policy is supported by the new Information Classification policy, which specifies and details the levels to be applied, depending on the nature and content of the information as either for reference or as directives.


Application of the policy


Any employee who violates this policy may be subject to disciplinary action.


Definitions


Corporate data

Any data or information that could stem from data and that is owned by CSP Spain.

Availability

Assure that authorised users have access to the information and associated assets when thus required.

Integrity

Safeguard the exactitude and completeness of the information and data processing methods.

Information systems

Any electronic system that stores, processes or transmits information.