{"id":16729,"date":"2022-01-17T18:20:45","date_gmt":"2022-01-17T18:20:45","guid":{"rendered":"https:\/\/businessadapter.es\/it-security\/"},"modified":"2024-12-11T10:48:52","modified_gmt":"2024-12-11T10:48:52","slug":"it-security","status":"publish","type":"post","link":"https:\/\/businessadapter.es\/en\/it-security\/","title":{"rendered":"IT Security"},"content":{"rendered":"\n

IT Security<\/strong><\/span><\/h2>\n

In this post we will discuss the basic measures for an adequate IT (Information Technology) Security <\/strong>in the business environment.<\/p>\n

We will break these measures down into four themes: Hardware, Software, Networking and Compliance.<\/p>\n

Hardware<\/strong><\/span><\/h3>\n

The hardware, understood as the equipment that allows us to access our computer system and process information (Computers, Servers, Smartphone, External memories,\"\"<\/a> etc.). It is obviously a fundamental part of the IT Security of any company.<\/p>\n

It must be the one that has been corporately authorized to work and that therefore complies with the necessary security measures to guarantee the confidentiality, integrity, availability and resilience of the information processed, as well as the technical characteristics necessary to carry out the work entrusted.<\/p>\n

This statement of intent shall be included in the IT Security and Personal Data Protection Policies, approved by the Management.<\/p>\n

Inventory<\/strong><\/h4>\n

An inventory (customer ref. Business Adapter: folder 08 <\/em>), with the detail of the hardware that each user of the company has assigned to work.<\/p>\n

It will also include hardware that is not assigned to a user, but which houses or is used to process corporate information in some way, such as servers, printers, point-of-sale terminals, etc. <\/p>\n

External Servers<\/strong><\/h4>\n

Regarding external servers, i.e. those that are contracted to suppliers and are physically located in a place other than the company’s facilities (e.g. cloud servers), it will be necessary to analyze whether the supplier complies with IT security measures and, if possible, whether the servers are within the EEA<\/a>.<\/p>\n

ET Contract<\/strong><\/h4>\n

With these suppliers, to whom we delegate some functions, as in the case of the hosting of information, it will be necessary to sign a Data Processor contract<\/a> with them in compliance with the RGPD.<\/a><\/p>\n

IT Security<\/h4>\n

The IT Security Policy must establish several procedures to ensure the confidentiality, integrity, availability and resilience of the information handled. For example: <\/p>\n