The Management of EUROFINS-MEGALAB commits to establishing the criteria, processes and guidelines to ensure the confidentiality, integrity and availability of the information and associated systems, in accordance with the needs of its clients, as well as the requirements and strategies of the business, maintaining a balance between the resources available for this purpose and the levels of risk that can be assumed.
EUROFINS-MEGALAB commits to strictly complying with the legal regulations and requirements that, in terms of information security or privacy, are applicable wherever its activity is carried out.
EUROFINS-MEGALAB will collaborate at all times with the authorities in matters of information security and privacy, when required.
EUROFINS-MEGALAB enhances the capabilities of prevention, detection, reaction, analysis, recovery and response to threats to information security and privacy, equipping itself with the technologies and mechanisms that allow this management to be carried out effectively.
Following the principles of Security and Privacy by Default, those responsible at EUROFINS-MEGALAB for new projects or developments will carry out a risk analysis, considering the requirements of confidentiality, integrity and availability of information, and the processing of personal data, in order to defend the company’s reputation, prevent fraud or preserve the company’s operations, as well as protect the security and privacy of employees, customers and suppliers.
Likewise, EUROFINS-MEGALAB will periodically carry out drills to verify its crisis management capabilities, in order to preserve the continuity of its business and that of the services provided to its clients.
Management model and continuous improvement
This Policy is developed through the functions, responsibilities and governing bodies defined for this purpose, and through Information Security Standards, which constitute a set of mandatory procedures in EUROFINS-MEGALAB.
EUROFINS-MEGALAB establishes its information security management system to achieve the sustained development of its capabilities in this area, incorporating best practices, new technological trends, as well as the necessary work procedures, aligned with the company’s strategic plans and with the context in which it operates.
Information systems life cycle
Information security requirements must be considered from design and development onward, throughout the life cycle of the applications and associated systems, whether they belong to the information systems environment or to the laboratory systems environment of EUROFINS-MEGALAB. This applies both to its own developments and to solutions acquired from third parties, and in all phases: analysis of requirements and feasibility, design, construction, testing, implementation, acceptance, maintenance and, finally, decommissioning.
To guarantee the success of this responsibility, EUROFINS-MEGALAB will periodically assess the state of information security, through either internal or external auditing, paying special attention to the systems considered critical for the provision of services to its clients.
Awareness and commitment of employees, customers and suppliers
EUROFINS-MEGALAB is aware that the security of information and the protection of privacy concern us all, and that considering the human factor is key to this purpose.
EUROFINS-MEGALAB provides employees, customers, suppliers and collaborators with the information, awareness and training they need in terms of information security and privacy, in a continuous manner and updated according to the evolution of the threats and risks detected, especially as regards responsibilities in the treatment of information classified as confidential or sensitive.
EUROFINS-MEGALAB requires its employees to strictly observe the procedures, rules and instructions derived from these Principles, making the appropriate information and advice available to them at all times to comply with that obligation.
Regarding the supply chain, and through an adapted evaluation process, EUROFINS-MEGALAB will require its critical suppliers to comply with adequate standards in terms of information security, based on the potential impact on the company or on the data privacy of its customers and employees.