Sign In
LinkedIn Instagram Twitter Facebook Spotify Youtube

​​​​

Policies, Terms and Conditions

Information Security and Privacy Policy

UPRA is committed to the responsible handling of information assets, used throughout the activities included within each of its processes, required to guide public policy planning in land management for agricultural use, contributing to productivity and competitiveness, legal security of land tenure, and efficient use of rural land.

Therefore, the Unit seeks to protect the confidentiality, integrity, and availability of the various information assets by adopting the Information Security Model defined by MinTIC, developed through institutional Information Security Management, aligned with the ISO 27001 standard. It also manages information security risks and promotes a culture of best practices.

Premises

  • Define, implement, operate, and continuously improve Information Security Management to identify and mitigate risks to institutional information.
  • Define, maintain, and update security requirements associated with the context of UPRA, for which related documentation on UPRA's Information Security elements must be reviewed and kept updated, valid, and operational, according to the Entity's needs, ensuring all involved parties know and apply it.
  • Define information security responsibilities for personnel related to the handling of UPRA's information assets, ensuring the necessary competencies for assigned tasks.
  • Effectively communicate aspects associated with Information Security elements to all involved parties, generating a culture of information security.
  • Incorporate information security into the activities of defining Plans, Objectives, Strategies, programs, and projects generated from UPRA's strategic processes.
  • Define guidelines, standards, procedures, or other tools to address information security based on the security domains defined in the Information Security and Privacy Model and the NTC ISO-IEC 27001:2013 Standard.
  • Implement a continuous improvement process in applying required controls to manage inherent information security risks in information assets and the declaration of applicability.
  • Ensure the protection of information and its appropriate handling, as well as the different types of assets interacting with information guarded by UPRA.
  • Comply with legal requirements for information security and privacy, defined by applicable regulations to the Entity.
  • Maintain updated information security guidelines to ensure their validity, effectiveness, and compliance with the Entity's strategic guidelines.
  • Strengthen institutional capacity to Identify, Protect, Detect, Respond, and Recover from potential materializations of risks.

Objectives

  • Implement technical, administrative, and legal controls focused on protecting the confidentiality, integrity, and availability of information and mitigating events that generate economic, reputational, or legal impacts, in accordance with the Entity’s Declaration of Applicability.
  • Raise awareness among all entity users about the importance of information security to generate and strengthen the culture in this area and the application of best practices regarding the proper treatment and protection of information assets.
  • Manage all information security incidents or events.
  • Analyze vulnerabilities on institutional information assets.
  • Implement the Information Security and Privacy Model (MSPI) according to the guidelines of the Ministry of Information and Communication Technologies.

Scope

The scope of this policy corresponds to the development of all information security elements applicable to all processes of the Rural Land Planning Unit: strategic, mission-oriented, support, and evaluation processes.

Application Area

Compliance with the General Information Security and Privacy Policy and the Specific Information Security Policies is mandatory for officials, contractors, suppliers, and, in general, any user related to institutional information assets; in case of violations, the Entity reserves the right to take administrative, contractual, and/or legal actions as appropriate.

Reviews and/or Updates

Information security policies will be reviewed annually and updated when significant changes occur in the Entity's internal and/or external context.

Updating the Information Security Model is dynamic, meaning that actions carried out within this framework must be continuously documented. At least once a year, progress must be presented to CIGDE or its equivalent.

At least every three years, the phases of the Plan, Do, Check, Act (PDCA) cycle of implementing Information Security Management elements must be restarted.

Management Commitment

The General Directorate, the General Secretariat, the Technical Directorates, the IT Department, and advisors express their commitment to continuous improvement in information security and to encourage Entity collaborators to assume this institutional commitment.​
Seleccione esta opción como atajo para volver al inicio de esta página.