Information Security Policy

Summary

The purpose of this general policy is to define the objective, direction, principles, and basic rules for the Information Security Management System (ISMS) at TopManage Panamá.

This Policy applies to the entire ISMS, considering the scope limits and exclusions outlined in the current Scope Description document.

The users of this document include all TopManage employees, as well as external third parties deemed relevant to the ISMS as determined by Senior Management.

We recognize the value and privacy of information, and thus have implemented an information security management system to oversee our information security efforts.

Principles

TopManage Panamá is a technology company with over 25 years of experience in the Latin American market, specializing in Cloud services, including Software as a Service (SaaS) provision, solution development and support, infrastructure for application integration, and document authorization services as a Qualified Authorization Provider (PAC), certified by the General Directorate of Revenues of Panama under Resolution No. 201-5711 for validating and authorizing electronic documents.

We recognize the importance of data value and privacy and, as such, have established an ISMS to control all our information security efforts.

This information security policy sets out the principles and guidelines for protecting information associated with Cloud services, such as general customer information on our platform, client and user authentication data in our services, customer-generated documents, files, and records, events related to our Cloud services, source codes, libraries, logs, and other service-related information within the Cloud infrastructure. This policy complies with the applicable laws of the Republic of Panama and aims to ensure the confidentiality, integrity, and availability of information while mitigating related risks.

At TopManage, through our Information Security Policy, we commit to identifying and fulfilling applicable requirements related to our system, information security, and legal, regulatory, and contractual requirements relevant to information security, as well as to the continuous improvement of our ISMS.

As part of our commitment, the following information security objectives are established, aligned with the organization’s strategic goals as determined by Senior Management:

  • Demonstrate to stakeholders our capability to protect their information through the maintenance of an ISO/IEC 27001 certified ISMS.
  • Ensure reasonable availability of our Cloud services (including DocFlow Invoicing PAC) through evaluation, monitoring, and implementation of procedures that protect information assets and prevent or address any security deviation or incident.
  • Promote and maintain a positive information security culture among staff through implementing procedures, best practices, and security awareness and training activities.

The CEO is responsible for defining the method for measuring compliance with the Information Security objectives. Measurements will be taken at least once a year, and the Security Officer will analyze and evaluate the results, reporting to Senior Management for review.

The Security Officer is responsible for all information security efforts, including recording details about measurement methods, frequency, and results.

Additionally, the CEO may assign other responsibilities and authorities as outlined in Roles and Responsibilities.

To ensure these outcomes, policy and procedure documents will be kept updated and made available to relevant stakeholders.

This Information Security Policy will be communicated to TopManage Panamá employees and made available to stakeholders as deemed necessary by Senior Management.