Cobega is the Daurella family’s corporate group, which operates in the food and drinks sector and is present in over 50 countries.

M

Shareholder Office

INFORMATION SECURITY POLICY

Principles and Objectives of Information Security

These principles, along with the Information Security Management System they are based on, use the ISO27001 standard as a reference framework.
The objectives of the Cobega Group in terms of information security are aligned with business objectives, prioritizing compliance with applicable legal obligations relevant to the activity carried out.

A priority objective of information security will be the commitment to comply with the General Data Protection Regulation (GDPR) of the European Union and the data protection laws in force in the countries where Cobega operates.

In addition to the legal requirements regarding security, Cobega has the obligation and commitment to comply with the contractual and specific security requirements demanded by its clients and suppliers related to the information they access in accordance with their contractual relationships.
Cobega will have the necessary human, organizational, technological, and documentary resources to protect the company’s information and prevent incidents that may jeopardize it.
At all levels within Cobega, there will be a commitment to comply with the established information security objectives and to apply the established controls and preventive measures.
All levels of the Cobega Group are required to comply with the established rules and procedures, always focusing on protecting information assets and personal data processed by Cobega.
The company will take the necessary steps to ensure that personnel are aware of the security obligations affecting the development of their roles and the consequences of non-compliance.
Cobega will promote continuous training and awareness activities at all levels in the field of information security by developing a training action plan, monitoring its implementation, and evaluating its results.
Cobega’s security strategy will adhere to the principles of confidentiality, integrity, availability, authenticity, and traceability of information:

 

  • Confidentiality ensures that information is only accessible to authorized users and will not be disclosed to third parties without proper authorization.
  • Integrity ensures that data will remain free from unauthorized modifications, and that existing information has not been altered by unauthorized individuals or processes.
  • Availability guarantees that information will be accessible and usable at all times, ensuring business continuity. This principle is linked to resilience, which focuses on ensuring the recovery capacity of systems and information after an incident that temporarily prevents access to them.
  • Authenticity ensures that the origin and identities associated with the information are truly those indicated in its attributes. This principle is related to non-repudiation, ensuring that a user cannot deny the authorship of an action in the system or their association with a specific piece of data or data set.
  • Traceability ensures the ability to determine at any given moment the identity of individuals accessing the information and the activities they carry out related to it, as well as the different states and paths the information has followed.
  • A principle of proportionality will be applied between the controls to be implemented and the severity of the risk to be prevented, detected, or mitigated.
For new services and developments, the principle of security by design and by default will be applied.
Cobega is committed to continuous improvement, aiming to ensure that security management is always adequate and effective, periodically reassessing security measures and controls to adapt them to significant changes in the business, the company’s information systems, and technological evolution.
Barcelona, April 26th, 2024