- The Aboitiz Group recognizes the value of information and the need to protect its confidentiality, integrity, and availability
- The policy covers all strategic business units and includes all company information handled by key stakeholders, whether in physical or digital format
When experts talk about information security and related risks, it is no longer a question of IF but rather WHEN these will happen.
– Erramon I. Aboitiz, President and CEO, Aboitiz Group
The Risk Management (RM) Council, composed of the CEOs of the Strategic Business Units (SBUs), has approved the new Aboitiz Information Security Management Policy and commits to implement a Groupwide Information Security Management System (ISMS) to manage all critical and relevant information and related information assets.
The ISMS implementation will enable the Group to identify, assess, mitigate, and manage its information security and related risks, and ensure business continuity in the event of an information security incident. This covers all SBUs and their respective Business Units, and includes all information handled by key stakeholders (team members, customers, suppliers, contractors, and lenders among others) — whether physical or digital in form.
To assist in planning for the appropriate framework, methodology, and roadmap, the Information Security team — led by the Risk Management Team in close coordination with the IT Security Team — will conduct a Gap Analysis expected to be completed in September 2016.
The Groupwide implementation of ISMS is expected to be completed by end-2017. The ISMS also covers information technology (IT) security, and as such, the Group has also implemented IT Security Policies on IT Security Minimum Standard, Mobile Device Management Policy, Vulnerability Assessment Policy, and Domain Name Policy effective June 1, 2016.