INFORMATION SECURITY POLICY

EL RANCHITO, as a company specialized in the production and edition of visual effects for cinema, television, advertising, and other audiovisual formats, with a strong position in the national and international market, openly states its intention to offer services with a level of security that guarantees the safeguard of information, so that all its clients can operate with maximum reliability.

Accordingly, the Management of EL RANCHITO has defined and implemented an Information Security Management System [ISMS] that enables the company to ensure that the information systems and information created, collected, stored, and processed complies with the following requirements:

  • Security in Human Resource Management, before, during, and at the end of employment.
  • Proper asset management that involves the classification of information and handling of media.
  • The establishment of rigorous logical access control to its systems and applications, managing user permissions and privileges.
  • Protecting facilities and physical environment by designing secure working areas and securing equipment.
  • Ensuring security in operations by protecting against malware, backing up, logging and monitoring, controlling operating software, managing technical vulnerabilities, and choosing appropriate techniques for auditing systems.
  • Communication security, protecting networks, and information exchange.
  • The assurance of security in the acquisition and maintenance of information systems, limiting and managing change.
  • Performing secure software development, separating development and production environments, and providing appropriate functional acceptance testing.
  • The control of supplier relationships, contractually demanding compliance with the relevant security measures and acceptable levels in the execution of their services.
  • Efficiency in security incidents management, establishing appropriate channels for reporting, response, and appropriate learning.
  • The implementation of a business continuity plan that protects the availability of services during a crisis or disaster.
  • Identification of and compliance with applicable regulations, with special emphasis on intellectual property and personal data protection.
  • The revision of the mentioned security information requirements to ensure compliance and effectiveness.

These principles are undertaken by the Management, which disposes of the necessary means and provides its employees with adequate resources for its compliance, expressing them through this Information Security Policy.

Last update, January 18, 2022