Information security policy
The Cartographic and Geological Institute of Catalonia (ICGC) is a public law entity subject to private law, of the Government of Catalonia having full capacity to act in accordance of its functions, that are those related with the exercise of competences on geodesy and cartography, and on the spatial data infrastructure of Catalonia, as well as those of promoting and carrying out actions related to knowledge, prospecting and information on the soil and subsoil in the terms established in its Statutes (Catalan version, Spanish version).
The detail of its functions and strategies are published and available on the presentation page.
The Institute aware that the information it deals, it is a high-value resource, so it must be duly protected to maximize its confidentiality, integrity, and availability. These elements are essential to maintain such critical aspects as the business continuity, compliance with laws or public image of the Institute.
The ICGC, with the aim of improving information security, has provided the appropriate resources to implement and maintain an Information Security Management System (SGSI), in accordance with the following commitments:
- To improve continuously in order to achieve the objectives established in terms of information security, valuing the context and enhancing opportunities for improvement.
- To integrate information security requirements into the organization's processes, giving support to the normative and regulatory framework regarding information security.
- To support and foster sensitivity towards information security, promoting communications that highlight the importance of its management, by prompting the creation of a culture of information security at the Institute.
- To look after the security of the information relating to third party data in compliance with the agreed requirements on data exploitation, the preservation of information over time and taking into account the validity of existing agreements.
- To comply with legal and contractual information security requirements in matters related to the provision of services, the protection of personal data and the continuity of business processes.
- To apply the good practices of the Government of Catalonia in cybersecurity, international regulations, as well as support the integration of other management systems of the Institute in a coordinated manner.
The Information Security Policy is heritage of all the Institute’s staff who are active parts in its compliance.
All this, in order to share and optimize ICGC resources, seeking the continuous improvement of the effectiveness and efficiency in the management of its processes.
For all these reasons, the ICGC Management undertakes to document, implement and keep up to date this General Information Security Policy, putting the necessary resources at its disposal and committing itself to its dissemination to all relevant stakeholders.
Miriam Moysset Gil
Director of the ICGC
Barcelona, 16th of October 2024.
To this end, the ICGC deploys and update the Information Security Management System (SGSI) conform to the Standard ISO 27001:2013 with the scope.
“Information systems that cover the products and services provided by the ICGC to all staff and users in the exercise of its competences on geodesy, cartography and knowledge, prospecting and information on soil and subsoil, as well as the cross-cutting coordination of geoinformation that makes up the spatial data infrastructure of Catalonia”.
Revision date: 19th of September 2024.