At Enimbos we look forYour peace of mind is the first thing.
As an evidence of our commitment in service and procedure management, we are certified by the main ISO’s related to cloud and hybrid environments, including the Spanish National Security Scheme. We always keep the focus on protecting the most valuable thing for your company, the information.
Integrated Policy of Management Systems ISO 20000 – 22301 – 27001 – 27017 – 27018 and ENS high category
Enimbos, as a supplier company of managed services for the provision, administration, management and continuity of cloud and on-premise environments, assumes its commitment to quality of service, information security and business continuity. Therefore it undertakes to ensure the proper management of information security, business continuity and IT services provided by the organization, in order to offer all Interest Groups the best guarantees for quality of these services, their continuity and security of the information used in these services. For all the above, the Management establishes the following principles:
- Establishing goals and objectives focused on performance evaluation in the delivery of IT services, security of information and continuity, as well as the continuous improvement in our activities, regulated by the Management System that developes this policy.
- Commitment to compliance with applicable legal requirements and other requirements that the organization subscribes in addition to the commitments made to customers and the continuous updates of them.
- Establishing continuous improvement as the basis of our activities, in order to guarantee and increase the quality of services and reduce, as far as possible, their interruptions.
- Identifying potential threats as well as the impact on business operations that those threats, if realized, may cause.
- Providing a framework to increase resilience or resiliency to provide an effective response.
- Ensuring a quick and efficient recovery of services, against any physical disaster or contingency that might occur that puts at risk the continuity of operations.
- Guarantee that the business continuity system aligns with the changing needs of the company, improves continuously and complies with applicable requirements.
- Preserving the interests of its interested parties (customers, shareholders, employees and suppliers), reputation, brand and value-creating activities.
- Preventing incidents of information security to the extent that is technically and economically viable as well as mitigating the security risks of information generated by our activities.
- Working together with our suppliers and subcontractors in order to improve the provison of IT services, continuity of services and security of information, that have an effect on a greater efficiency of our activity.
- The maintenance of a fluid communication with a commitment to open and cordial dialogue, both internally, between the various levels of the company, as well as with customers, administrative sections, associates and other groups interested in our activities.
- Evaluating and ensuring technical competence of employees, as well as ensuring their adequate motivation for their participation in this continuous improvement of our processes, providing adequate training and internal communication to develop good practices defined in the system.
- Ensuring the correct state of the facilities and proper equipment, so that they are connected with activity, objectives and goals of the company.
- Looking after for ensuring the satisfaction of our customers, including interested parties on the results of the company, in everything referred to the development of our activities and their impact on society.
- Ensuring a continuous analysis of all relevant processes, establishing appropriate improvements in each case, depending on the results obtained and the objectives set.
These principles are assumed by the Company’s management, who has the means and provides its employees with sufficient resources for its fulfilment, translating them and putting them in the public knowledge through this Integrated Policy of Management Systems.
- ISO 20000: The service management system of ENIMBOS supporting the provision of delivery, administration, management, and continuity of Cloud and On-premise services to external customers.
- ISO 9001: Quality management: Uses a process and risk management approach necessary to provide effective customer service. It covers basic processes related to the management of a company’s processes, adopting the best management practices. This standard has become a reference for quality worldwide with more than one million certified companies.
- ISO 22301: Information systems that support the provision, administration, management and continuity of Cloud and On-premise environments.
- ISO 27001: Information systems that support the provision, administration, management and continuity of Cloud and On-premise environments according to Stament of Applicability.
- ISO 27017: The ISO 27017 standard focuses on cloud service providers as well as the security of all these services; in fact, the client’s point of view is also taken into account. These additional requirements make it possible to standardize the relationships between customers and cloud service providers through a common analysis and exchange model, thus facilitating management. Companies that conform to ISO 27017, allow users of their services to enjoy better security guarantees.
- ISO 27018: The ISO 27018 is the first international regulation on cloud privacy. Provides guidance for companies that are responsible for the processing of personal data. The security measures of this standard are relevant in the context of application services (SaaS) that process personal information and have a limited application in the case of our infrastructure services.
- ENS (National Security Scheme) High Category: Enimbos is certified by the ENS High category. The purpose of this certification is to establish the security policy in the use of electronic means and is constituted by basic principles and minimum requirements that guarantee access, integrity, availability, authenticity, confidentiality, traceability and preservation of data, information and services.