Skip to main content
Information to the interested party on data protection

3.8. Security measures

The processing of personal data has been evaluated through a risk analysis that has made it possible to obtain the list of technical and organizational measures necessary to avoid the accidental or illicit destruction, loss or alteration of personal data transmitted, preserved or otherwise processed, or the unauthorized communication or access to said data, which may in particular cause physical, material or immaterial damage.

The measures adopted take into account the state of the technology, the nature of the data and the risks to which they are exposed and are periodically reviewed to ensure their adaptation to new situations or risk scenarios.

These measures have been applied in accordance with the approved Adaptation Plan, and in summary, they include the following aspects:

Information Security Policy

The Tax Agency has an Information Security Policy that establishes the general provisions and guiding principles regarding Security.

Regulatory and Procedural Framework

The general provisions of the Policy are specified and developed in a Regulatory and Procedural Framework for Security Management that helps the definition and implementation of protection measures and security controls.

Security Governance Model

Security Management is articulated through a Government Model that defines and materializes the necessary roles, functions and responsibilities.

Information Security Management System (ISMS)

In terms of Information Security, the Tax Agency has an ISMS in accordance with the requirements of the National Security Scheme (ENS) for the services and physical infrastructures of its data centers.

Data Processing Center Infrastructures (CPD)

Compliance with security requirements regarding physical access and protection of general infrastructure is guaranteed in the CPD of the Tax Agency: electrical supply, air conditioning, communications, etc.

Security awareness and training

The Tax Agency has an internal Training Program for the dissemination of the basic principles of action and security procedures, in order to guarantee regulatory and legal compliance by employees.

Management procedure and response to security incidents

The Tax Agency has an incident management process and an incident response team, through which it covers the complete life cycle of security incidents, from detection and registration, to its resolution, including analysis, typing, immediate response and notification.