Information security policy
Information security is an inherent part of the decisions of any person, employee or collaborator related to Easypromos. Check below the most important aspects of the Information Security Management System (ISMS)
Our clients use EASYPROMOS as a cloud-based tool to manage their giveaways and competitions online. This means that they trust us to protect the data of users who participate in their promotions. It is our responsibility, as a business, to respond to their trust with the greatest care and dedication to protecting that data.
With this in mind, the leadership of EASYPROMOS would like the concept of INFORMATION SECURITY to be an inherent part of decisions made by every person, employee, or collaborator connected with the company. For this reason, it has been decided to design and implement an Information Security Management System (ISMS), according to regulations ISO-27001:2013 and ISO-27018:2020.
This security policy aims to raise awareness among:
- Our clients. We continually work on data protection, systematically and continuously analysing threats to our systems in order to apply preventative measures. We will report, communicate, and learn from security incidents, to avoid them in future and improve our systems.
- Our staff and collaborators. We must be conscious of security in all our tasks. To achieve this, the organisation will support continuous training to improve confidentiality, integrity, and availability of all the information which we handle. Working and training in these areas will enable us proactively to identify risks and threats, and define, plan, and execute preventative measures.
- Our providers. We will be strict in demanding high standards of data protection from our providers, just as we do from ourselves.
Therefore, the leadership of the business is responsible for:
- Establishing objectives for Information Security management for all assets, especially in the areas of Availability, Integrity, and Confidentiality.
- Establishing systematic risk analysis to evaluate the impact and threats to each asset of the organisation.
- Applying necessary controls and their corresponding processes.
- Supervising the fulfilment of all the standards and commitments to which EASYPROMOS subscribes, whether legal, regulatory, from clients, or its own contractual security obligations.
- Providing the necessary resources to guarantee the continuing operation of the business.
EASYPROMOS guarantees all clients our full commitment to processing their data, and any data collected in their promotions, in accordance with the fundamental requirements of confidentiality, integrity, and availability.
Easypromos complies with two standards ISO related to Information Security. The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a membership of 163 national standards bodies.
ISO/IEC 27001: Information Security Management System.
The ISO/IEC 27000 family of standards helps organizations keep information assets secure. ISO/IEC 27001 is a security standard that outlines and provides the requirements for an information security management system (ISMS). It specifies a set of best practices and details a list of security controls concerning the management of information risks.
Easypromos is certified as ISO 27001 compliant by AENOR/IQNET.
ISO/IEC 27018: Protecting Personal Data.
ISO 27018 standard relates to the protection of personally identifiable information (PII), and as such, deals with one of the most critical components of the cloud-privacy. This standard is primarily focused on security controls for public-cloud service providers acting as PII processors. ISO 27018 works in two ways:
Builds off of existing ISO 27002 controls with specific items for cloud privacy
Provides completely new security controls for personal data
Easypromos is certified as ISO 27018 compliant by AENOR/IQNET.
Esquema Nacional de Seguridad (ENS)
The National Security Framework (ENS) is the regulatory framework in Spain that establishes policies and measures necessary to ensure the security of information in public administrations. Its objective is to protect the confidentiality, integrity, availability, traceability, and authenticity of the information handled by these entities, establishing guidelines and requirements for cybersecurity. Easypromos has successfully completed the self-assessment process in accordance with the requirements of Royal Decree 311/2022, of May 3, which regulates the National Security Framework of basic category.
Download the Easypromos Security Workpaper With a summary of our security policies.