See all Online Master's Degrees in Health
See all Master's Degrees in Engineering
Most searched curriculums
INFORMATION SECURITY POLICY | |
| VERSION: 1.0 | APPROVED BY: Board of Directors |
| DATE OF APPROVAL: 03/03/2026 | ISSUING DEPARTMENT: Technology & Transformation Department |
SCOPE: UAX Group employees, suppliers and third parties handling the Group’s information | |
VERSION CONTROL | ||
| APPROVAL DATE | VERSION | REASON AND SUMMARY OF CHANGES |
| 03/03/2026 | 1.0 | Document created |
1. Introduction and Purpose
To ensure the protection and appropriate use of information, the UAX Group has established a policy requiring each of its constituent entities to implement an Information Security Management System (ISMS) based on the ISO 27001 standard.
The ISMS provides a framework to ensure the appropriate use of information and the secure management of processes, promoting continuous improvement and ensuring compliance with applicable legal, regulatory and contractual requirements.
This Policy forms the basis of the ISMS and defines the essential principles, standards and procedures for information security within the UAX Group, with the aim of preserving the confidentiality, integrity, availability and traceability of information.
The requirements set out in this Policy represent the minimum standard; however, each entity within the UAX Group may develop a more detailed or advanced policy, depending on its needs and level of maturity in information security.
2. Objective
The purpose of this Policy is to establish the basic principles and rules for information security management, ensuring:
The UAX Group Management is committed to supporting the implementation of the organisational, technical and control measures necessary to comply with this policy.
3. Scope
This policy applies to:
For the purposes of this Policy, “UAX Group” refers to all those entities which form part, under the terms of Article 42 of the Commercial Code, of the group of companies whose parent company is Guadarrama Proyectos Educativos, S.L.
4. Information Security Principles
5. Roles and Responsibilities
6. Risk Management
Risk analysis and management is a fundamental pillar of the ISMS. To this end, methodologies of recognised standing or those widely accepted in the market, such as ISO 31000, Magerit and COBIT, shall be adopted.
All risks must be recorded, assessed, addressed and documented, including acceptance criteria, responsible parties and evidence of follow-up.
The risk analysis shall be reviewed at least once a year or in the event of serious incidents or significant changes to the information systems.
7. Training and Awareness
The UAX Group will implement an ongoing programme of training and awareness-raising on information security aimed at employees and third parties with access to critical information.
Records of attendance, course content and assessments will be maintained to ensure evidence of compliance and effectiveness.
8. Maintenance and Review of the Policy
The policy will be reviewed annually by the CISO, and whenever there are regulatory or technological changes, or relevant incidents.
All reviews will be documented, stating the date, those responsible and the changes made, to maintain audit evidence.
9. Compliance and Sanctions
Failure to comply with this policy may result in disciplinary, contractual or legal sanctions, depending on the severity of the breach.
Sanctions will be applied in accordance with documented procedures, ensuring proportionality and providing evidence for external and internal audits.
10. Approval, Distribution and Updating
This Policy was approved by the Board of Directors of Guadarrama Proyectos Educativos at its meeting on 3 March 2026 and came into force upon approval.
This Policy is a document easily accessible to all members of the UAX Group, available at all times via the staff portal, in the corporate documentation section. Furthermore, it will be sent by email at least once a year, and whenever updates are made.
The CISO will ensure the correct implementation of the Policy, monitoring it annually and carrying out any necessary revisions and updates.