{"id":235141,"date":"2025-02-04T11:44:54","date_gmt":"2025-02-04T10:44:54","guid":{"rendered":"https:\/\/costeira.wine\/information-security-policy\/"},"modified":"2025-02-04T11:46:04","modified_gmt":"2025-02-04T10:46:04","slug":"information-security-policy","status":"publish","type":"page","link":"https:\/\/costeira.wine\/en\/information-security-policy\/","title":{"rendered":"Information Security Policy"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

INDICE<\/h3>\r\n1. INTRODUCTION\r\n\r\n2. SCOPE\r\n\r\n3. OBJECTIVE\r\n\r\n4. COMMITMENT OF MANAGEMENT\r\n\r\n5. LEGAL FRAMEWORK\r\n\r\n6. PRINCIPLES AND GUIDELINES\r\n

6.1 Mission and Objectives<\/p>\r\n

6.2 Prevention<\/p>\r\n

6.3 Detection<\/p>\r\n

6.4 Response<\/p>\r\n

6.5 Recovery<\/p>\r\n7. SECURITY ORGANIZATION\r\n\r\n8. DISSEMINATION, UPDATE, AND REVIEW OF THE POLICY\r\n\r\n9. STRUCTURE OF DOCUMENTATION\r\n\r\n10. PERSONAL DATA\r\n\r\n11. RISK MANAGEMENT\r\n\r\n12. NON-COMPLIANCES\r\n\r\n13. THIRD PARTIES\r\n\r\n14. TRAINING AND AWARENESS\r\n\r\n15. TELEWORK\r\n\r\n17. BACKGROUND CHECKS\r\n\r\n18. MANAGEMENT RESPONSIBILITIES\r\n\r\n19. APPROVAL AND ENTRY INTO FORCE\r\n\r\n1. INTRODUCTION<\/strong>\r\n\r\nVI\u00d1A COSTEIRA, hereafter referred to as the Organization, manages a significant amount of sensitive information that is crucial to its performance, sustainability, security, and ability to maintain business operations.\r\n\r\nThis information asset includes:\r\n

    \r\n \t
  • Information related to production and management necessary for the Organization’s activity.<\/li>\r\n \t
  • Intellectual property, consisting of all information, knowledge, and know-how within the Organization.<\/li>\r\n \t
  • Information about its partners and third parties, which could harm their brand image, or result in legal actions if altered or disclosed.<\/li>\r\n \t
  • Employee-related information, which, if disclosed, would violate privacy.<\/li>\r\n<\/ul>\r\nThis document aims to outline the Organization’s Information Security Policy to protect its information assets against various threats such as fraud, espionage, accidents, human errors, etc., to maintain the trust of our partners and comply with applicable legal frameworks and regulations.\r\n\r\nThis policy serves as the cornerstone of the Organization’s Information Security Management System (ISMS) program, aiming to ensure the protection of information assets within the ISMS scope.\r\n\r\nThe document establishes the framework for information security, ensuring availability, authenticity, integrity, confidentiality, and traceability of information.\r\n\r\nThe senior management of the Organization is committed to providing the necessary resources and actions to implement this policy.\r\n\r\nThe policy is accessible to all employees via the intranet, notice boards, etc., and is available to any interested parties upon request through senior management.\r\n\r\n2. SCOPE<\/strong>\r\n\r\nThis policy applies to all departments of the Organization and all personnel.\r\n\r\nThe Organization’s security role structure is defined at both the corporate and operational levels, within the organizational model.\r\n\r\nThe functional scope of this policy covers all information assets, including:\r\n
      \r\n \t
    • Information: Any data stored electronically or on paper belonging to the Organization, employees, suppliers, or partners.<\/li>\r\n \t
    • Materials: All physical elements that support processes (laptops, servers, printers, storage devices, etc.).<\/li>\r\n \t
    • Software: All programs or executables that contribute to data operations (operating systems, monitoring software, office suites, executables, etc.).<\/li>\r\n \t
    • Network: Communication devices used to interconnect computers or remote elements in an information system (routers, firewalls, communication lines, etc.).<\/li>\r\n \t
    • Personnel: All individuals involved in the information system (internal personnel, subcontractors, collaborators, etc.).<\/li>\r\n \t
    • Locations: Any locations the Organization uses, including facilities and the necessary physical requirements.<\/li>\r\n \t
    • Organizational Structure: All elements forming the Organization and its functions (organizational model, business processes, etc.).<\/li>\r\n<\/ul>\r\nThe ISMS extends to the services of GRAPE PRODUCTION, WINE MAKING, BOTTLING, AND MARKETING.\r\n\r\n3. OBJECTIVE<\/strong>\r\n\r\nThe primary objective of this policy is to ensure the availability, integrity, confidentiality, authenticity, traceability, and value of information, services, and related technologies and information assets within the Organization.\r\n\r\nThe generic objectives established by the Organization include:\r\n
        \r\n \t
      • Ensuring the protection of partner information throughout its lifecycle.<\/li>\r\n \t
      • Facilitating continuous improvement of security processes, procedures, products, and services.<\/li>\r\n \t
      • Meeting legal and other partner-specific requirements related to information security.<\/li>\r\n \t
      • Ensuring business continuity through contingency plans for critical services.<\/li>\r\n \t
      • Ensuring adequate resources for security and assigning roles and responsibilities.<\/li>\r\n \t
      • Raising awareness and training personnel about the importance of the ISMS and its contribution to business goals.<\/li>\r\n<\/ul>\r\n \r\n\r\n4. COMMITMENT OF MANAGEMENT<\/strong>\r\n\r\nThis policy outlines the management’s commitments regarding information security, specifically to ensure a high level of security for our partners. Management guarantees:\r\n
          \r\n \t
        • Protection of partner information against unauthorized changes, loss, or disclosure.<\/li>\r\n \t
        • High security in services provided to partners.<\/li>\r\n \t
        • Compliance with the ISMS to minimize risks for partners.<\/li>\r\n \t
        • Promotion of a security culture throughout the Organization.<\/li>\r\n \t
        • Incident management to minimize impacts on the Organization and partners.<\/li>\r\n<\/ul>\r\n \r\n\r\n5. LEGAL FRAMEWORK<\/strong>\r\n\r\nThe Organization adheres to the following relevant laws and regulations:\r\n
            \r\n \t
          • EU Regulation 2016\/679 regarding data protection and the free movement of data.<\/li>\r\n \t
          • Organic Law 3\/2018 on Personal Data Protection and Digital Rights.<\/li>\r\n \t
          • Royal Decree 311\/2022 on the National Security Framework.<\/li>\r\n \t
          • Royal Decree 203\/2021 on electronic procedures in the public sector.<\/li>\r\n \t
          • Other relevant Spanish laws regarding intellectual property, electronic access to public services, and administrative procedures.<\/li>\r\n<\/ul>\r\n \r\n\r\n6. PRINCIPIOS Y DIRECTRICES<\/strong>\r\n\r\nThe Organization relies, among other things, on ICT systems (Information and Communication Technologies) to achieve its objectives. These systems must be managed with diligence, taking the necessary measures to protect them against accidental or deliberate damage that could affect the availability, integrity, confidentiality, or traceability of the information processed or the services provided.\r\n\r\nThe objective of information security is to guarantee the quality of the information and the continuous provision of services, by acting preventively, monitoring daily activity, and responding promptly to incidents.\r\n
            \r\n
            \r\n
            \r\n
            \r\n
            <\/div>\r\n
            6.1 Mission and Objectives<\/strong><\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n
            \r\n
            \r\n
            \r\n
            \r\n
            \r\n
            \r\n\r\nIn the Organization, we develop at least the following objectives:\r\n
              \r\n \t
            • Use of corporate ICT resources, such as email, internet access, computing and communication equipment.<\/li>\r\n \t
            • Management of inventoried information assets, categorized and associated with a responsible party.<\/li>\r\n \t
            • Implement mechanisms to ensure that anyone who accesses or may access information assets understands their responsibilities, thus reducing the risk associated with improper use of these assets.<\/li>\r\n \t
            • Physical security, ensuring that information assets are located in secure areas, protected by physical access controls appropriate to their level of criticality. Systems and information assets within these areas must be sufficiently protected against physical or environmental threats.<\/li>\r\n \t
            • Security in the management of communications and operations, ensuring that information transmitted through communication networks is adequately protected based on its sensitivity and criticality level, using mechanisms that guarantee its security.<\/li>\r\n \t
            • Access control, limiting access to information assets by users, processes, and information systems by implementing identification, authentication, and authorization mechanisms according to the criticality of each asset.<\/li>\r\n \t
            • Acquisition, development, and maintenance of information systems while considering information security aspects at all stages of the lifecycle of these systems.<\/li>\r\n \t
            • Management of security incidents by implementing appropriate mechanisms for proper identification, recording, and resolution of security incidents.<\/li>\r\n \t
            • Continuity management by implementing appropriate mechanisms to ensure the availability of information systems and maintaining business process continuity.<\/li>\r\n<\/ul>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n \r\n\r\n6.2 Prevention<\/strong>\r\n\r\nTo defend against threats, the different departments of the Organization must implement the minimum security measures and ensure that ICT security is an integral part of each stage of the service lifecycle.\r\n\r\nDepartments must be prepared to prevent, detect, respond to, and recover from incidents.\r\n\r\nTo ensure compliance with this policy, the different departments of the Organization must:\r\n
                \r\n \t
              • Authorize systems before they are operational.<\/li>\r\n \t
              • Request periodic reviews by third parties to obtain an independent assessment.<\/li>\r\n \t
              • When there are specific security requirements for any service, senior management will communicate them to the IT department for analysis and implementation.<\/li>\r\n<\/ul>\r\n \r\n\r\n6.3 Detection<\/strong>\r\n\r\nSince services can degrade quickly due to incidents, ranging from simple slowdowns to complete service outages, it is essential to continuously monitor operations to detect anomalies in service delivery and take appropriate action.\r\n\r\nDetection, analysis, and reporting mechanisms will be established to inform the responsible parties regularly and whenever a significant deviation from the predefined normal parameters occurs.\r\n\r\n \r\n\r\n6.4 Response<\/strong>\r\n\r\nThe Organization and all its departments must:\r\n
                  \r\n \t
                • Establish mechanisms to respond effectively to security incidents.<\/li>\r\n \t
                • Designate a point of contact for communications regarding incidents detected in other departments or external organizations.<\/li>\r\n \t
                • Establish protocols for exchanging information related to the incident, ensuring timely and accurate sharing of relevant data for effective resolution.<\/li>\r\n<\/ul>\r\n \r\n\r\n6.5 Recovery<\/strong>\r\n\r\nTo ensure the availability of critical services, the Organization must develop a continuity plan for its ICT systems as part of its overall business continuity plan and recovery activities.\r\n\r\n7. SECURITY ORGANIZATION<\/strong>\r\n\r\nThe implementation of this Security Policy requires that all members of the Organization understand their duties and responsibilities according to their position.\r\n\r\nAs part of this Policy, the main roles are identified and detailed as follows: Security Manager and Systems Manager.\r\n
                    \r\n \t
                  • The Senior Management will be in charge of approving this policy and will be responsible for the authorization of its modifications, as well as all the documented information of the entity’s ISMS.<\/li>\r\n \t
                  • The Security Manager will be the one to take the appropriate decisions to meet the requirements of information security and services. He\/she shall have the following functions:\r\n
                      \r\n \t
                    • Overseeing compliance with this Policy, its rules and derived procedures.<\/li>\r\n \t
                    • Advise on security matters to the members of the Security Committee as required.<\/li>\r\n \t
                    • Notify all personnel of changes to this policy.<\/li>\r\n \t
                    • Coordinate the actions of implementation, maintenance and improvement of the Organization’s ISMS and its audits, together with the Systems Manager.<\/li>\r\n<\/ul>\r\n<\/li>\r\n \t
                    • The Systems Manager, who will be in charge of managing the technical and security requirements of the information systems.<\/li>\r\n \t
                    • All the Organization’s personnel, both internal and external, will be responsible for complying with the present Information Security Policy within their work area, as well as for applying all the documented information of the controls and security measures of the Organization’s ISMS in their work activities that affect their performance in information security.<\/li>\r\n<\/ul>\r\n \r\n\r\n8. DISSEMINATION, UPDATING AND REVIEW OF THE POLICY<\/strong>\r\n\r\nSenior Management shall be responsible for the annual review of this Information Security Policy and for proposing its revision or maintenance.\r\n\r\nThe Policy will be approved by the Senior Management of the Organization and will be disseminated so that all affected parties are aware of it.\r\n\r\nThis Policy will be developed by means of security regulations that address specific aspects. The security regulations shall be available to all members of the Organization who need to know them, particularly to those who use, operate or administer the information and communications systems.\r\n\r\n9. STRUCTURE OF THE DOCUMENTATION<\/strong>\r\n\r\nThe person in charge of the custody and dissemination of the approved version of the generated documentation will be the person in charge of the Security Manager.\r\n\r\nThe documentation on which this policy is based will be composed of a set of rules, procedures, good practices and guides that will help users in the development of their tasks.\r\n\r\n10. PERSONAL DATA<\/strong>\r\n\r\nRegulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the Spanish legislation in force, Organic Law 3\/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights, defines the conditions under which the processing of personal data can be done.\r\n\r\nIt grants the persons affected by the processing the right to access and correct the data recorded in their account.\r\n\r\nThe Organization will only collect personal data when they are adequate, relevant and not excessive, and these are in relation to the scope and purposes for which they have been obtained. Likewise, it will adopt the technical and organizational measures necessary to comply with the Data Protection regulations. These measures will be included in the policies, regulations and procedures that emanate from this security policy.\r\n\r\n11. RISK MANAGEMENT<\/strong>\r\n\r\nAll systems subject to this Policy shall perform a risk analysis, assessing the threats and risks to which they are exposed. This analysis shall be repeated:\r\n
                        \r\n \t
                      • Regularly, at least once a year.<\/li>\r\n \t
                      • When the information handled changes.<\/li>\r\n \t
                      • When the services provided change.<\/li>\r\n \t
                      • When a serious security incident occurs.<\/li>\r\n \t
                      • When serious vulnerabilities are reported.<\/li>\r\n<\/ul>\r\nFor the harmonization of risk analysis, the Organization will establish a reference valuation for the different types of information handled.\r\n\r\nRisk management will be documented in a Risk Analysis and Management Plan.\r\n\r\n12. NON-COMPLIANCE<\/strong>\r\n\r\nThe Organization may take appropriate measures against any person who contravenes this Security Policy and who results in a threat to the business and\/or maintenance of the activity or in a violation of legal regulations and\/or contractual agreements to which the Organization is bound.\r\n\r\nThe level and degree of the measures will depend on the nature, intentionality and scope of the violation.\r\n\r\nIn the case of both labor and non-labor relations, the Organization reserves the right to take legal action, regardless of the termination of the contractual relationship, depending on the damage caused to the company.\r\n\r\n13. THIRD PARTIES<\/strong>\r\n\r\nWhen the Organization uses third party services or transfers information to third parties, they will be made aware of this Policy and the Security Regulations that apply to such services or information.\r\n\r\nSaid third party shall be subject to the obligations set forth in said regulations, and may develop its own operating procedures to comply with them. If necessary, specific incident reporting and resolution procedures shall be established. It shall be ensured that third party personnel are adequately security-aware, at least to the same level as that set forth in this Policy.\r\n\r\n14. TRAINING AND AWARENESS<\/strong>\r\n\r\nAn annual security training and awareness action will be carried out. The objective of the training and awareness action is twofold:\r\n
                          \r\n \t
                        • To keep the personnel most directly related to the handling of information and the systems that deal with it informed about existing security procedures, risks, protection measures, protection plans, etc.<\/li>\r\n \t
                        • To make the personnel, in general, aware of the importance of security and of the basic procedures for handling and exchanging information.<\/li>\r\n<\/ul>\r\n \r\n\r\n15. TELEWORKING<\/strong>\r\n\r\nThis policy and its associated procedures, rules and regulations shall be applicable to, and therefore mandatory for, all personnel of the Organization who are teleworking.\r\n\r\n17. BACKGROUND INVESTIGATION<\/strong>\r\n\r\nBackground checks on all job candidates must be conducted in accordance with applicable laws, regulations and codes of ethics and must be commensurate with the needs of the business and the classification of the information being accessed and the perceived risks.\r\n\r\n18. MANAGEMENT RESPONSIBILITIES<\/strong>\r\n\r\nManagement shall require employees and contractors to implement information security in accordance with the Organization’s established policies and procedures.\r\n\r\n19. APPROVAL AND ENTRY INTO FORCE<\/strong>\r\n\r\nThis Information Security Policy shall be approved by Senior Management by signature and shall be disseminated to its stakeholders.\r\n\r\nLikewise, the Top Management will provide the necessary resources for the effective application of this policy, and for its proper development, both in the implementation activities and in its subsequent maintenance and improvement of the entire ISMS of the Organization.\r\n\r\nVI\u00d1A COSTEIRA\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

                          INDICE 1. INTRODUCTION 2. SCOPE 3. OBJECTIVE 4. COMMITMENT OF MANAGEMENT 5. LEGAL FRAMEWORK 6. PRINCIPLES AND GUIDELINES 6.1 Mission and Objectives 6.2 Prevention 6.3 Detection 6.4 Response 6.5 Recovery 7. SECURITY ORGANIZATION 8. DISSEMINATION, UPDATE, AND REVIEW OF THE POLICY 9. STRUCTURE OF DOCUMENTATION 10. PERSONAL DATA 11. RISK MANAGEMENT 12. NON-COMPLIANCES 13. THIRD […]<\/p>\n","protected":false},"author":170,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-235141","page","type-page","status-publish","hentry"],"yoast_head":"\nInformation Security Policy - Vi\u00f1a costeira<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/costeira.wine\/politica-de-seguridad-de-la-informacion\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Information Security Policy - Vi\u00f1a costeira\" \/>\n<meta property=\"og:description\" content=\"INDICE 1. INTRODUCTION 2. SCOPE 3. OBJECTIVE 4. COMMITMENT OF MANAGEMENT 5. LEGAL FRAMEWORK 6. PRINCIPLES AND GUIDELINES 6.1 Mission and Objectives 6.2 Prevention 6.3 Detection 6.4 Response 6.5 Recovery 7. SECURITY ORGANIZATION 8. DISSEMINATION, UPDATE, AND REVIEW OF THE POLICY 9. STRUCTURE OF DOCUMENTATION 10. PERSONAL DATA 11. RISK MANAGEMENT 12. NON-COMPLIANCES 13. THIRD […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/costeira.wine\/politica-de-seguridad-de-la-informacion\/\" \/>\n<meta property=\"og:site_name\" content=\"Vi\u00f1a costeira\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/vinacosteira\/\" \/>\n<meta property=\"article:modified_time\" content=\"2025-02-04T10:46:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/costeira.wine\/wp-content\/uploads\/2021\/07\/costeira_estrellas_000175-low-980x653-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"980\" \/>\n\t<meta property=\"og:image:height\" content=\"653\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@costeira_es\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/costeira.wine\\\/politica-de-seguridad-de-la-informacion\\\/\",\"url\":\"https:\\\/\\\/costeira.wine\\\/politica-de-seguridad-de-la-informacion\\\/\",\"name\":\"Information Security Policy - Vi\u00f1a costeira\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/costeira.wine\\\/#website\"},\"datePublished\":\"2025-02-04T10:44:54+00:00\",\"dateModified\":\"2025-02-04T10:46:04+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/costeira.wine\\\/politica-de-seguridad-de-la-informacion\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/costeira.wine\\\/politica-de-seguridad-de-la-informacion\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/costeira.wine\\\/politica-de-seguridad-de-la-informacion\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\\\/\\\/costeira.wine\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Information Security Policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/costeira.wine\\\/#website\",\"url\":\"https:\\\/\\\/costeira.wine\\\/\",\"name\":\"Vi\u00f1a costeira\",\"description\":\"En la bodega Vi\u00f1a Costeira elaboramos vinos de D.O. Ribeiro y Valdeorras. Nuestros productos nos han convertido en la mejor bodega de Espa\u00f1a. \u00a1Con\u00f3cenos!\",\"publisher\":{\"@id\":\"https:\\\/\\\/costeira.wine\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/costeira.wine\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/costeira.wine\\\/#organization\",\"name\":\"Vi\u00f1a costeira\",\"url\":\"https:\\\/\\\/costeira.wine\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/costeira.wine\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/costeira.wine\\\/wp-content\\\/uploads\\\/2021\\\/06\\\/logo_vina_costeira.svg\",\"contentUrl\":\"https:\\\/\\\/costeira.wine\\\/wp-content\\\/uploads\\\/2021\\\/06\\\/logo_vina_costeira.svg\",\"width\":1024,\"height\":100,\"caption\":\"Vi\u00f1a costeira\"},\"image\":{\"@id\":\"https:\\\/\\\/costeira.wine\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/vinacosteira\\\/\",\"https:\\\/\\\/x.com\\\/costeira_es\",\"https:\\\/\\\/www.instagram.com\\\/costeira.es\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/vi\u00f1a-costeira\\\/\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCx-kNrCaW0EIlxNK7nBRyfA\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Information Security Policy - Vi\u00f1a costeira","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/costeira.wine\/politica-de-seguridad-de-la-informacion\/","og_locale":"en_US","og_type":"article","og_title":"Information Security Policy - Vi\u00f1a costeira","og_description":"INDICE 1. INTRODUCTION 2. SCOPE 3. OBJECTIVE 4. COMMITMENT OF MANAGEMENT 5. LEGAL FRAMEWORK 6. PRINCIPLES AND GUIDELINES 6.1 Mission and Objectives 6.2 Prevention 6.3 Detection 6.4 Response 6.5 Recovery 7. SECURITY ORGANIZATION 8. DISSEMINATION, UPDATE, AND REVIEW OF THE POLICY 9. STRUCTURE OF DOCUMENTATION 10. PERSONAL DATA 11. RISK MANAGEMENT 12. NON-COMPLIANCES 13. THIRD […]","og_url":"https:\/\/costeira.wine\/politica-de-seguridad-de-la-informacion\/","og_site_name":"Vi\u00f1a costeira","article_publisher":"https:\/\/www.facebook.com\/vinacosteira\/","article_modified_time":"2025-02-04T10:46:04+00:00","og_image":[{"width":980,"height":653,"url":"https:\/\/costeira.wine\/wp-content\/uploads\/2021\/07\/costeira_estrellas_000175-low-980x653-1.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@costeira_es","twitter_misc":{"Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/costeira.wine\/politica-de-seguridad-de-la-informacion\/","url":"https:\/\/costeira.wine\/politica-de-seguridad-de-la-informacion\/","name":"Information Security Policy - Vi\u00f1a costeira","isPartOf":{"@id":"https:\/\/costeira.wine\/#website"},"datePublished":"2025-02-04T10:44:54+00:00","dateModified":"2025-02-04T10:46:04+00:00","breadcrumb":{"@id":"https:\/\/costeira.wine\/politica-de-seguridad-de-la-informacion\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/costeira.wine\/politica-de-seguridad-de-la-informacion\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/costeira.wine\/politica-de-seguridad-de-la-informacion\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/costeira.wine\/"},{"@type":"ListItem","position":2,"name":"Information Security Policy"}]},{"@type":"WebSite","@id":"https:\/\/costeira.wine\/#website","url":"https:\/\/costeira.wine\/","name":"Vi\u00f1a costeira","description":"En la bodega Vi\u00f1a Costeira elaboramos vinos de D.O. Ribeiro y Valdeorras. Nuestros productos nos han convertido en la mejor bodega de Espa\u00f1a. \u00a1Con\u00f3cenos!","publisher":{"@id":"https:\/\/costeira.wine\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/costeira.wine\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/costeira.wine\/#organization","name":"Vi\u00f1a costeira","url":"https:\/\/costeira.wine\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/costeira.wine\/#\/schema\/logo\/image\/","url":"https:\/\/costeira.wine\/wp-content\/uploads\/2021\/06\/logo_vina_costeira.svg","contentUrl":"https:\/\/costeira.wine\/wp-content\/uploads\/2021\/06\/logo_vina_costeira.svg","width":1024,"height":100,"caption":"Vi\u00f1a costeira"},"image":{"@id":"https:\/\/costeira.wine\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/vinacosteira\/","https:\/\/x.com\/costeira_es","https:\/\/www.instagram.com\/costeira.es\/","https:\/\/www.linkedin.com\/company\/vi\u00f1a-costeira\/","https:\/\/www.youtube.com\/channel\/UCx-kNrCaW0EIlxNK7nBRyfA"]}]}},"_links":{"self":[{"href":"https:\/\/costeira.wine\/en\/wp-json\/wp\/v2\/pages\/235141","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/costeira.wine\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/costeira.wine\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/costeira.wine\/en\/wp-json\/wp\/v2\/users\/170"}],"replies":[{"embeddable":true,"href":"https:\/\/costeira.wine\/en\/wp-json\/wp\/v2\/comments?post=235141"}],"version-history":[{"count":5,"href":"https:\/\/costeira.wine\/en\/wp-json\/wp\/v2\/pages\/235141\/revisions"}],"predecessor-version":[{"id":235146,"href":"https:\/\/costeira.wine\/en\/wp-json\/wp\/v2\/pages\/235141\/revisions\/235146"}],"wp:attachment":[{"href":"https:\/\/costeira.wine\/en\/wp-json\/wp\/v2\/media?parent=235141"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}