Information Security Policy
Introduction
At Indivi, we are committed to maintaining the highest standards of information security to protect the confidentiality, integrity, and availability of our information resources. This policy outlines our approach to safeguarding information, aligning with the requirements of ISO/IEC 27001:2022 and relevant legal and regulatory frameworks such as GDPR, HIPAA, Swiss DPA, and Spanish LOPD.
Purpose
The purpose of this policy is to ensure that Indivi protects its information assets against internal and external threats, whether intentional or accidental. This commitment is achieved by implementing, maintaining, and continually improving our Information Security Management System (ISMS).
Scope
This policy applies to all employees, contractors, and third-party personnel who access, process, or manage Indivi's information resources. The certification scope includes:
Information systems supporting the development of software and applications for digital biomarkers and clinical data analysis.
Core Principles
Indivi’s information security practices are guided by the CIA triad:
Confidentiality: Ensuring that information is accessible only to authorized individuals.
Integrity: Protecting the accuracy and completeness of information.
Availability: Ensuring that information and systems are accessible when needed.
Key Commitments
To uphold our security principles, Indivi will:
Protect information against unauthorized access and disclosure.
Preserve the integrity and availability of information.
Manage risks to minimize business impact.
Ensure compliance with all applicable laws, regulations, and contractual obligations.
Promote information security awareness across the organization.
Continuously review and improve our security practices.
Responsibilities
Executive Management: Ensure adequate resources and strategic alignment for information security.
ISMS Representative: Oversee compliance with this policy and report on ISMS effectiveness.
Information Security Officer: Lead the Security Team, manage risk assessments, and enforce security policies.
All Employees and Third Parties: Comply with security policies and report any security concerns.
Compliance
Indivi’s compliance with this policy is monitored through internal audits, management reviews, and continuous risk assessments.
Contact Information
For questions or concerns about this policy, please contact our Information Security Team at security@indivi.io.
Conclusion
Indivi is dedicated to fostering a culture of security and ensuring the resilience of our operations. This policy is a testament to our unwavering commitment to safeguarding the trust placed in us by our stakeholders.
History
This policy is reviewed regularly to adapt to evolving risks and organizational needs.
Revision history:
August 2021: Initial version 1.1
September 2022: version 2.0
March 2024: version 13.0
December 2024: version 17.0