Terms and Conditions

1. GOALS

1.1 General Goal

To define a framework for ensuring the comprehensive protection of Hydra iT's data and technological resources, through the implementation of policies, security controls, and best practices that minimize cybersecurity risks, ensure regulatory compliance, and promote a safe and reliable work environment for all users.
 

1.2 Specific Goals 

• Establish access controls and permission management: Define and enforce access policies based on the principle of least privilege, ensuring that users can only access the information and functionalities necessary for their role.
• Develop a security incident response plan: Establish a clear and effective plan for identifying, containing, and mitigating security incidents, as well as for data recovery and service continuity
  Promote cybersecurity training and awareness: Design ongoing training programs for users, focusing on preventing common threats such as phishing and the secure handling of information.
• Commitment to continuous improvement: Ensuring the effectiveness of information security processes, in accordance with ISO/IEC 27001, promoting data protection and risk management in a sustainable manner.
• Comply with applicable rules and regulations: Align Hydra iT's security policies with legal and regulatory standards, ensuring compliance and avoiding penalties.
• Establish a robust data backup and recovery system: Implement regular backup procedures and disaster recovery plans to ensure the availability and protection of critical data in the event of incidents.

2. SCOPE

This policy applies to all employees, subcontractors, partners, and any other person who has access to the organization's information systems. It covers all systems, networks, devices, applications, and data that are owned by the organization or are under its control.

 

3. INFORMATION AND INFORMATION SECURITY

Information is the most valuable asset for organizations. For this reason, Hydra iT assumes the responsibility of ensuring that both its own data and that of the clients it manages are handled in accordance with the following fundamental principles:

• Confidentiality: Information must be protected against unauthorized access. Only authorized individuals should have access to information based on their roles and responsibilities.
• Integrity: Data and systems must be accurate and protected against unauthorized or unintentional modifications. Information integrity is essential for making reliable decisions.
• Availability: Information and systems must be available to authorized users when needed.

 

4. INFORMATION SECURITY POLICY

Protecting the information and personal data of business partners under the responsibility of Hydra iT, in a manner consistent with professional, ethical, legal, regulatory, and contractual requirements, is one of the Company's highest priorities and is considered fundamental to its success. The loss or theft of information or personal data can have serious legal, financial, and/or reputational consequences, and Hydra iT is committed to safeguarding the privacy, confidentiality, integrity, and availability of your information or that of your business partners, whether it is in physical, digital, or intellectual format.
 

5. RESPONSABILITIES

To ensure the effectiveness of the Information Security Management System (ISMS), it is crucial that each level of the organization understands and assumes its specific responsibilities. The following describes the roles and obligations of the various positions, from senior management to employees, ensuring an integrated and consistent approach to protecting information assets.

• Management: Responsible for providing leadership, support, and resources to implement and maintain the ISMS. Must ensure that the policy is reviewed periodically and adjusted as needed.
• Information Security Committee (ISC): The ISC is responsible for overseeing the development, implementation, maintenance, and continuous improvement of the ISMS, ensuring compliance with the information security policy throughout the organization.
• Directors and Team Managers: Supervisors or department coordinators are responsible for ensuring the effective application of information security policies within their teams. They must monitor compliance with guidelines, promote security training, and report incidents or non-conformities.
• Employees and Subcontractors: All employees and contractors must comply with this policy and associated security procedures. Any violation of the policy must be reported immediately.

All employees, as well as third parties, who may in any way interact with information from partners, employees, and Hydra iT itself, are required to comply with and enforce all information security standards, and must promptly report to RSI any event that may cause, or has caused, a breach of privacy or information security via email to servicedesk@hydra.pt.

Employees, as well as third parties, may be held liable for non-compliance with information security policies and standards established by Hydra iT.

6. MAINTENANCE

The Information Security Policy should be reviewed whenever necessary and, mandatorily, at least once a year, in order to ensure that it continues to be appropriate for Hydra iT and must be communicated to all employees.

Last revision: 30/04/2026