Security Policy

Escuela Europea de Coaching wants to inform its employees, clients, suppliers and other interested parties in society, and establishes as a fundamental objective the requirements for the protection of information, equipment and technological services that support the majority of business processes. Furthermore, it establishes the appropriate measures in all those places where it can be stored or through which it can be transmitted.

Objective, the objective of the current high-level policy is to define the principles, basic rules and procedures for Information Security Management, ensuring its security and assessing and minimizing the associated risks.

Quality assurance and excellence, in order to meet the requirements of the UNE-ISO/IEC 27001 standard, an Information Security Management System has been developed and implemented. This policy is established as the framework within which all the activities of Escuela Europea de Coaching must be carried out, so as to guarantee to clients and other interested parties the commitment acquired, to ensure the availability, confidentiality and integrity of the information, as well as the establishment of the objectives in the management of Information Security:

Confidentiality, the information is then accessible only to those who are authorized and need-to-know, thus avoiding problems of leakage or unintentional deletion of sensitive information.

Integrity, ensuring that the information and its processing methods are accurate and complete, thus preventing unauthorized modifications.

Availability, the company's business continuity plans ensure that authorized users can have access to information and associated assets when required, guaranteeing access to the company's critical systems at all times through the development of business continuity plans.

Security strategy:

An Information Security Governance, which ensures the correct coordination and organization of information security at all levels. With an Information Security Manager or CISO (Chief Information Security Officer) who is in charge of coordinating information security in the company and whose main function is to develop the strategy, objectives and Information Security plans of Escuela Europea de Coaching.

An Mandatory Information Security Regulatory Framework, whose main axis is the Information Security Policy, which establishes the fundamental security principles on which the regulatory framework is based. The current version of the Information Security Policy was approved by the Management Committee on January 11, 2023.

The Information Security Awareness and Continuous Information Security Training , aims to raise awareness and train all the users of the company, so that all those who make up Escuela Europea de Coaching are aware of their responsibility in the field of Information Security, and of the criticality of protecting the confidentiality, integrity and availability of the information handled, both ours and that of our clients.

The auditing and compliance follow-up process, as a verification and control mechanism, both internally through continuous supervision and monitoring processes, which are permanently active, such as, for example:

Security and network monitoring processes that ensure compliance with security regulations in networks and information systems.

Processes of technical vulnerability audits of platforms and applications that provide analysis of vulnerabilities in both platforms and applications, with the aim of revealing and assessing the security risks arising from vulnerabilities.

You can request a copy of the security policy by sending an email to info@escuelacoaching.com