It establishes a framework for protecting information resources against internal or external, deliberate or accidental threats, in order to ensure compliance with the confidentiality, integrity, and availability of information, based on the following objectives:
01
Compliance with legal, regulatory, and contractual requirements.
02
Risk treatment planning to ensure the availability, integrity, and confidentiality of information, linked to the provision of services.
03
Management based on facts and objective data.
04
Continuous improvement of processes and products, and security requirements.
05
