Corporate Security Policy Template - Free Download | Page 3
4.9,
2796
votes
Please vote for this template if it helps you.
Social Responsibility Policies
28 April 2015
/ 3
NOTICE. This document is a translation of a duly approved Spanish-language document, and is provided for informational purposes only. In the event of any discrepancy between the text of
this translation and the text of the original Spanish-language document that this translation is intended to reflect, the text of the original Spanish-language document shall prevail.
CORPORATE SECURITY POLICY
The Board of Directors of IBERDROLA, S.A. (the “Company”), being aware that security, in all its forms, is a fundamental need for persons without
which they cannot fully carry out their activities, has approved this Corporate Security Policy.
1. Purpose
The Corporate Security Policy seeks to ensure the effective protection of persons, assets, and intellectual capital of both the Company and the other
companies belonging to the group of which the Company is the controlling entity, within the meaning established by law (the “Group”), while at the
same time ensuring that security-related actions fully conform to the law and scrupulously respect human rights.
2. Main Principles of Conduct
For purposes of achieving the aforementioned goals, the Group assumes and promotes the following main principles, which must inform all its
activities in the area of corporate security:
a) Comply with applicable security law in the countries in which it operates, fully respecting human rights.
b) Design a preferably preventative security strategy that aims at minimising physical and logical security risks, and allocating the resources
necessary for its implementation.
c) Guarantee the protection of professionals, assets, knowledge, and other Group information, as well as the normal performance of its activities.
d) Develop specific defence plans that guarantee the appropriate protection of the Company’s intellectual capital, especially with regard to
cybersecurity and to the fight against industrial espionage, acting on a coordinated basis with the Systems Division in accordance with the
provisions of the Cybersecurity Risk Policy.
e) Establish controls over the Company’s inflows and outflows of information to prevent the leak or theft of sensitive information, whether
accidentally or intentionally.
f) Identify critical points relating to the security of the Group, define actions for prevention and ongoing improvement, and be aware of the
security situation within the Group.
g) Avoid the use of force in the exercise of security, using it solely and exclusively when strictly necessary and always in accordance with the law and
in a manner proportional to the threat faced, to protect life.
h) Ensure and reinforce the proper qualification of all security personnel, both internal and external, establishing rigorous training programmes
and defining hiring requirements and standards that take these principles into account.
i) Specifically, train all security personnel in the area of human rights, or ensure that such personnel have received proper training in this area.
j) Evaluate from time to time the providers of security during the term of their contract, with the aim of identifying points for improvement.
k) Contribute to the creation of a culture of security within the Group by means of communication and training activities in this area.
l) Collaborate and not interfere with public security authorities in the discharge of their legitimate duties, all without prejudice to the
aforementioned principles.
This Corporate Security Policy was initially approved by the Board of Directors on 23 September 2013 and last amended on 28 April 2015.
source: iberdrola.com
