Igino Addari

CEO of Actainfo & Data Protection Officer

Overview

ACTAINFO operates an Information Security Management System (ISMS) aligned with the ISO/IEC 27001:2022 standard, focused on protecting information assets through a structured risk-based approach.

The system is designed to ensure confidentiality, integrity, and availability of information across all digital operations.

Certification Context

ISO/IEC 27001:2022 defines the requirements for establishing, implementing, maintaining, and continuously improving an information security management system.

Within this framework, ACTAINFO aligns its operations with:

  • risk assessment and treatment methodologies
  • information security governance controls
  • asset protection and classification systems
  • continuous security monitoring and improvement

Security Management Approach

The ISMS is applied across all operational areas, including:

  • cloud and SaaS platforms
  • digital services for public administration
  • data processing and storage systems
  • cybersecurity and compliance operations
  • software development environments

Each component is managed under a risk-based security model.

Core Security Principles

The system is built on the principles of:

  • confidentiality (restricted access to information)
  • integrity (protection against unauthorized modification)
  • availability (ensuring reliable access to systems and data)

These principles are enforced through technical and organizational controls.

Risk Management Framework

Security management is structured around:

  • risk identification and evaluation
  • control implementation
  • incident prevention and response
  • continuous risk monitoring

This ensures a proactive rather than reactive security posture.

Continuous Improvement & Monitoring

The ISMS is continuously updated through:

  • security audits and assessments
  • control effectiveness reviews
  • incident analysis and corrective actions
  • alignment with evolving threat landscapes

The objective is to maintain a resilient and adaptive security framework.