Elecnor understands information security as an integral and continuous process over time. This security must be made up of all the technical, human, material and organisational elements necessary to ensure that it is properly managed.
The Group's information security management system is certified in accordance with the UNE 27001 standard.
Therefore, security measures have been put in place to reduce the possible appearance of threats and so that any security incidents which arise may be detected, can be dealt with in time and do not seriously affect the information being handled or the services being provided, whilst enabling their restoration. To this effect, the principles of conduct are the following:
To define, develop and put into operation the necessary technical, legal and management controls to ensure compliance with the risk levels approved for the organisation at all times.
To create a “security culture”, both internally with all the staff and externally with customers and suppliers. In particular, to promote this security culture and its implementation in the services Elecnor offers to its customers.
Information systems that support corporate processes for the management, maintenance, and support of security and infrastructure projects (networks, servers, user workstations, communications…), for the design and management of projects in the areas of electricity, gas, power generation plants, railways, telecommunications, water and environment, construction, facilities, and maintenance.
