|
  • Español
  • English
    • |08001-CURBNK(287265)
    Home  ›  Privacy Policy

    Privacy Policy

    INFORMATION SECURITY POLICY 

    The Information Security and Business Continuity Policy (“The Policy”) defines the commitment of Bancaribe Curacao Bank (“The Bank”) to effectively and efficiently manage the aspects related to information security based on the requirements outlined in the ISO 27001: 2013, in a coordinated, comprehensive manner, in compliance with legal regulations, sound practice and Corporate Governance standards in force in “The Bank,” as well as to identify potential threats to the organization and the impact on business operations that such threats if they were to materialize, could cause; and that provides a framework to increase the organization’s responsiveness to give an adequate response that safeguards the interests of its key stakeholders (shareholders, customers, employees, and society), reputation, brand and core value creation activities.

    Information, whether produced directly by the organization or entrusted to us by customers, suppliers, or other third parties with whom “The Bank” does business, is a valuable asset that must be adequately protected. Information security entails protecting information, which includes the support of information systems resources to protect them from a wide variety of threats, the nature of which is continually changing. These threats include or are represented by errors, omissions, fraud, accidents, and deliberate damage, whose origin may be within the organization itself or may be the result of external attacks.

    Information security is fundamental for “The Bank” to ensure its success in all areas of its business and to maintain its reputation. Information security policies, standards, procedures, systems controls, and training are an essential part of “The Bank’s” overall framework of internal controls, established to ensure that information in its custody is not misused, manipulated, and/or improperly disclosed without detection. Appropriate information security controls protect “The Bank’s” reputation and support “The Bank’s” policy of doing the right things correctly and dealing with the right people.

    “The Bank” owns or has the right to use all the information handled or kept in its systems., which is created, acquired, retained, and operated by “The Bank’s” employees during the development or execution of the business. Furthermore, by its obligation to supervise and manage the activities of “The Bank,” the Senior Management of Bancaribe Curacao Bank has the right to access or authorize the entry, examination, control, and investigation of all types of information, support application systems, and technological infrastructure.

    The objective of having a Business Continuity Management System for “The Bank” is to allow for the administration, planning, follow-up, control, and continuous improvement of the company’s business continuity strategy to guarantee the continuity of the critical operation in case of a contingency.

    1.1 Scope

    This Comprehensive Information Security and Business Continuity Policy of Bancaribe Curacao Bank is subject to and shall comply with the legal, regulatory, and prudential standards in force, as well as the internal regulations of “The Bank.”

    “The Policy” defines the manual and electronic protection requirements of the information recorded, processed, collected, shared, transmitted, or filed in an electronic format, as well as the supporting application systems and technological infrastructure. Data must be protected throughout its processing cycle, including production, collection, archiving, transmission, use, and final destruction. Additionally, information initially collected with the customer must be protected from the point of acquisition by “The Bank” to the end of delivery to the customer.

    If a unit authorizes an agreement stipulating that a third party may generate, collect, archive, use, transmit or dispose of the information on its behalf, that unit is responsible for being aware of the third party’s security procedures and practices and ensuring that it complies with the requirements of “The Policy.”

    1.2 Compliance

    Compliance with “The Policy” is mandatory for all persons or processes that have access to the information systems resources of “The Bank.” Furthermore, based on annual certification or recertification statements made by Bancaribe Curacao Bank’s Standards of Business Conduct, all employees at all levels are responsible for maintaining the accuracy, confidentiality, and security of communications, operations, and information.

    Deliberate or persistent attempts to violate “The Policy” will result in disciplinary action by Bancaribe Curacao Bank Human Resources.

    2.1 Statements of “The Policy.”

    “The Bank” shall employ proportionate means to ensure the confidentiality of the information in its custody, guarantee its integrity and ensure the availability and continuity of the supporting application systems and technological infrastructure.

    In addition, “The Bank” is committed to developing, implementing, providing the necessary resources, and maintaining and improving the business continuity strategy that will guarantee the operation of critical-mission activities in the event of a contingency.