{"id":4323,"date":"2023-09-04T10:25:16","date_gmt":"2023-09-04T10:25:16","guid":{"rendered":"https:\/\/www.coutinhorebelo.com\/general-external-information-security-policy\/"},"modified":"2023-10-13T13:56:46","modified_gmt":"2023-10-13T13:56:46","slug":"general-external-information-security-policy","status":"publish","type":"page","link":"https:\/\/www.coutinhorebelo.com\/en\/general-external-information-security-policy\/","title":{"rendered":"General External Information Security Policy"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"4323\" class=\"elementor elementor-4323 elementor-3948\" data-elementor-settings=\"{&quot;ha_cmc_init_switcher&quot;:&quot;no&quot;}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-6b25b93 e-flex e-con-boxed e-con e-parent\" data-id=\"6b25b93\" data-element_type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[],&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-a0fd9a7 elementor-widget elementor-widget-html\" data-id=\"a0fd9a7\" data-element_type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<style>.border-top {\n position: relative;\n }\n\n .border-top::before {\n content: \"\";\n position: absolute;\n top: -10px;\n left: 0;\n width: 50px;\n border-top: 1px solid #70828E; }\n<\/style>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-7acf510 e-flex e-con-boxed e-con e-parent\" data-id=\"7acf510\" data-element_type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[],&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4cf4b14 elementor-widget__width-auto border-top elementor-widget elementor-widget-heading\" data-id=\"4cf4b14\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">General External Information Security Policy<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-943a704 elementor-widget elementor-widget-text-editor\" data-id=\"943a704\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>1. Scope and objective<\/strong><\/p><p>The Information Security Policy applies to all information that is under the responsibility of Coutinho Rebelo Advogados (hereinafter referred to as CRA), regardless of the recording medium, including, in particular, databases, any IT environment, documents, files and other technological and\/or application tools.<\/p><p>The objective of the Information Security Policy is to preserve the confidentiality, integrity, and availability of information, contributing to ensuring the CRA&#8217;s objectives and maintaining customer trust as well as compliance with legal and regulatory obligations.<\/p><p>This Policy formalizes and intends to communicate the strategic and programmatic definitions approved for information security, which are assumed as an ethical commitment and professional responsibility of the CRA.<\/p><p>In this sense, the CRA defines clear objectives for the implementation of information security processes, controls and practices and promotes the adoption and implementation of an Information Security Policy transversal to the entire Society.<\/p><p>Information security objectives correspond to:<\/p><ul><li>Assess information security risks, in order to implement the necessary controls that allow the risks to be mitigated up to the established level of acceptance.<\/li><li>Create a culture of information security through training and awareness actions.<\/li><li>Define and implement the technical and organizational controls necessary to guarantee the confidentiality, integrity, and availability of information.<\/li><li>Consider information security as a process of continuous improvement, which allows increasingly advanced levels of security to be achieved.<\/li><\/ul><p>\u00a0<\/p><p><strong>2. Responsibilities and security organization<\/strong><\/p><p>The Information Security Policy is intended for all CRA lawyers and employees, regardless of their relationship, as well as suppliers and service providers and their employees who have access to information under the responsibility of CRA.<\/p><p>To this extent, everyone is obliged to comply with and enforce this Policy and to communicate any event that causes or may cause a breach of information security.<\/p><p>\u00a0<\/p><p><strong>3. Information security policy<\/strong><\/p><p>The Information Security Policy is guided by the following principles:<\/p><ul><li>Confidentiality: information is only made available to those who have the appropriate authorization for this purpose.<\/li><li>Integrity: the safeguarding and preservation of information, and the adequacy of the respective processing methods.<\/li><li>Availability: the information is available to all duly authorized users.<\/li><li>Auditability: corporate and\/or business data and information are registered, compiled, analyzed, and revealed, in order to allow internal auditors or external certifying entities to attest to their integrity.<\/li><li>Traceability: the ability to recover the history of actions carried out. Information is an essential good or asset for the CRA and must be protected in the most appropriate way. Information security protects information against a multitude of threats, being essential to promote service (business) continuity, minimize negative effects on the organization, maximize the profitability of investments and continually improve the quality of the service.Information security is achieved through the implementation of a set of controls, namely: policies, standards, and procedures, which are in accordance with the international standard ISO\/IEC 27001.To comply with these principles, the CRA, in accordance with the legislation and standards in force in matters of information security, adopts the best national and international practices, in a manner appropriate to the specificities of the organization.<\/li><\/ul><p>\u00a0<\/p><p><strong>4. Information security organization<\/strong><\/p><p>The information security organization is implemented and managed through an Information Security Management System (SGSI), in an integrated manner with the office&#8217;s processes and its global management structure, which guarantees a multidisciplinary approach to the topic and allows you to plan, design, control, evaluate and improve all information security implementation processes in a transversal way, considering three aspects of action: people, technologies and processes.<\/p><p>The CRA implements specific policies and procedures that respect international reference standards, capable of being audited and that define the requirements for the implementation of the ISMS, namely:<\/p><ol><li>The CRA promotes the definition of appropriate rules for data privacy and compliance with Regulation (EU) 2016\/679 of the European Parliament and of the Council, of April 27, 2016, and applicable national legislation.<\/li><li>The CRA promotes, through its SGSI, the protection of confidentiality, integrity, availability of information, as well as the resilience of its systems and information processing services.<\/li><li>Through its Incident and Business Continuity plans, CRA promotes the ability to minimize the impact of physical or technical incidents, as well as recover availability and access to personal data in a timely manner, in the event of a disaster or serious incident.<\/li><li>Regular assessment of the security of information processing and respective support systems is promoted by formal external audit processes, carried out by reputable and impartial auditors, with certified skills.<\/li><li>The risk analysis process implemented within the scope of the SGSI includes the risks associated with the processing of personal data, including accidental or unlawful destruction, loss and alteration and unauthorized disclosure or access to personal data transmitted, stored or subject to any other type of treatment.<\/li><li>The CRA, as responsible for the processing of personal data, takes measures so that any natural person who, acting under the authority of the controller or a subcontractor, has access to personal data, and only processes it upon instructions from the controller, unless required to do so by European Union or Member State law.<\/li><\/ol><p>\u00a0<\/p><p><strong>4.1. Information security risk assessment<\/strong><\/p><p>Information security requirements and risk acceptance criteria are identified through an accurate information security risk assessment. Carrying out a risk analysis helps to determine the risk exposure and, consequently, to prioritize the most relevant risks, allowing the identification of appropriate mitigation actions and appropriate controls.<\/p><p>\u00a0<\/p><p><strong>4.2. Information security controls<\/strong><\/p><p>The selection of controls depends on CRA decisions based on risk acceptance, risk treatment and, in general, risk management criteria. These criteria result from the risk analysis carried out and must consider applicable national and international regulations and legislation.The implemented information security mechanisms are subject to periodic reviews to ensure the expected security levels, with particular focus on safeguarding business continuity and critical processes.<\/p><p>\u00a0<\/p><p><strong>4.3. Continuous improvement<\/strong><\/p><p>The SGSI is subject to periodic reviews previously scheduled or justified by significant changes, in order to provide an improvement in applicability, suitability and effectiveness.<\/p><p>\u00a0<\/p><p><strong>4.4. Review and communication of the general information security policy<\/strong><\/p><p>The Information Security Policy will be subject to annual review or whenever significant changes are made, in order to ensure its continued applicability, suitability and effectiveness.<\/p><p>\u00a0<\/p><p>Public Document<\/p><p>10\/31\/2023<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>General External Information Security Policy 1. Scope and objective The Information Security Policy applies to all information that is under the responsibility of Coutinho Rebelo Advogados (hereinafter referred to as CRA), regardless of the recording medium, including, in particular, databases, any IT environment, documents, files and other technological and\/or application tools. The objective of the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"footnotes":""},"class_list":["post-4323","page","type-page","status-publish","hentry"],"blocksy_meta":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>General External Information Security Policy - Coutinho Rebelo Advogados<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.coutinhorebelo.com\/en\/general-external-information-security-policy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"General External Information Security Policy - Coutinho Rebelo Advogados\" \/>\n<meta property=\"og:description\" content=\"General External Information Security Policy 1. Scope and objective The Information Security Policy applies to all information that is under the responsibility of Coutinho Rebelo Advogados (hereinafter referred to as CRA), regardless of the recording medium, including, in particular, databases, any IT environment, documents, files and other technological and\/or application tools. The objective of the [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.coutinhorebelo.com\/en\/general-external-information-security-policy\/\" \/>\n<meta property=\"og:site_name\" content=\"Coutinho Rebelo Advogados\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-13T13:56:46+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.coutinhorebelo.com\/en\/general-external-information-security-policy\/\",\"url\":\"https:\/\/www.coutinhorebelo.com\/en\/general-external-information-security-policy\/\",\"name\":\"General External Information Security Policy - Coutinho Rebelo Advogados\",\"isPartOf\":{\"@id\":\"https:\/\/www.coutinhorebelo.com\/#website\"},\"datePublished\":\"2023-09-04T10:25:16+00:00\",\"dateModified\":\"2023-10-13T13:56:46+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.coutinhorebelo.com\/en\/general-external-information-security-policy\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.coutinhorebelo.com\/en\/general-external-information-security-policy\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.coutinhorebelo.com\/en\/general-external-information-security-policy\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"In\u00edcio\",\"item\":\"https:\/\/www.coutinhorebelo.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"General External Information Security Policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.coutinhorebelo.com\/#website\",\"url\":\"https:\/\/www.coutinhorebelo.com\/\",\"name\":\"Coutinho Rebelo Advogados\",\"description\":\"Num mar de leis, o seu farol.\",\"publisher\":{\"@id\":\"https:\/\/www.coutinhorebelo.com\/#organization\"},\"alternateName\":\"Coutinho Rebelo\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.coutinhorebelo.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.coutinhorebelo.com\/#organization\",\"name\":\"Coutinho Rebelo Advogados\",\"alternateName\":\"Ant\u00f3nio Coutinho Rebelo\",\"url\":\"https:\/\/www.coutinhorebelo.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.coutinhorebelo.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.coutinhorebelo.com\/wp-content\/uploads\/2023\/06\/coutinho_rebelo-logo-pt.svg\",\"contentUrl\":\"https:\/\/www.coutinhorebelo.com\/wp-content\/uploads\/2023\/06\/coutinho_rebelo-logo-pt.svg\",\"width\":222.1,\"height\":100,\"caption\":\"Coutinho Rebelo Advogados\"},\"image\":{\"@id\":\"https:\/\/www.coutinhorebelo.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"General External Information Security Policy - Coutinho Rebelo Advogados","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.coutinhorebelo.com\/en\/general-external-information-security-policy\/","og_locale":"en_US","og_type":"article","og_title":"General External Information Security Policy - Coutinho Rebelo Advogados","og_description":"General External Information Security Policy 1. Scope and objective The Information Security Policy applies to all information that is under the responsibility of Coutinho Rebelo Advogados (hereinafter referred to as CRA), regardless of the recording medium, including, in particular, databases, any IT environment, documents, files and other technological and\/or application tools. The objective of the [&hellip;]","og_url":"https:\/\/www.coutinhorebelo.com\/en\/general-external-information-security-policy\/","og_site_name":"Coutinho Rebelo Advogados","article_modified_time":"2023-10-13T13:56:46+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.coutinhorebelo.com\/en\/general-external-information-security-policy\/","url":"https:\/\/www.coutinhorebelo.com\/en\/general-external-information-security-policy\/","name":"General External Information Security Policy - Coutinho Rebelo Advogados","isPartOf":{"@id":"https:\/\/www.coutinhorebelo.com\/#website"},"datePublished":"2023-09-04T10:25:16+00:00","dateModified":"2023-10-13T13:56:46+00:00","breadcrumb":{"@id":"https:\/\/www.coutinhorebelo.com\/en\/general-external-information-security-policy\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.coutinhorebelo.com\/en\/general-external-information-security-policy\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.coutinhorebelo.com\/en\/general-external-information-security-policy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"In\u00edcio","item":"https:\/\/www.coutinhorebelo.com\/en\/"},{"@type":"ListItem","position":2,"name":"General External Information Security Policy"}]},{"@type":"WebSite","@id":"https:\/\/www.coutinhorebelo.com\/#website","url":"https:\/\/www.coutinhorebelo.com\/","name":"Coutinho Rebelo Advogados","description":"Num mar de leis, o seu farol.","publisher":{"@id":"https:\/\/www.coutinhorebelo.com\/#organization"},"alternateName":"Coutinho Rebelo","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.coutinhorebelo.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.coutinhorebelo.com\/#organization","name":"Coutinho Rebelo Advogados","alternateName":"Ant\u00f3nio Coutinho Rebelo","url":"https:\/\/www.coutinhorebelo.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.coutinhorebelo.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.coutinhorebelo.com\/wp-content\/uploads\/2023\/06\/coutinho_rebelo-logo-pt.svg","contentUrl":"https:\/\/www.coutinhorebelo.com\/wp-content\/uploads\/2023\/06\/coutinho_rebelo-logo-pt.svg","width":222.1,"height":100,"caption":"Coutinho Rebelo Advogados"},"image":{"@id":"https:\/\/www.coutinhorebelo.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.coutinhorebelo.com\/en\/wp-json\/wp\/v2\/pages\/4323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.coutinhorebelo.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.coutinhorebelo.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.coutinhorebelo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.coutinhorebelo.com\/en\/wp-json\/wp\/v2\/comments?post=4323"}],"version-history":[{"count":7,"href":"https:\/\/www.coutinhorebelo.com\/en\/wp-json\/wp\/v2\/pages\/4323\/revisions"}],"predecessor-version":[{"id":4330,"href":"https:\/\/www.coutinhorebelo.com\/en\/wp-json\/wp\/v2\/pages\/4323\/revisions\/4330"}],"wp:attachment":[{"href":"https:\/\/www.coutinhorebelo.com\/en\/wp-json\/wp\/v2\/media?parent=4323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}