Disclaimer

Security policy

Read our security policy.

Security policy

At Acumbamail, information security is a top priority. We are committed to ensuring the confidentiality, integrity and availability of our customers' data, protecting it against unauthorized access, loss or alteration. Our goal is to provide a secure and reliable service, complying with all applicable regulations.

To protect our information and that of our customers, we implement security measures integrated into our processes and promote a culture of protection and prevention. Our commitments include:

  • Integrate security in all processes and services.
  • Allocate the necessary resources to ensure efficient security management.
  • Train and raise awareness among our team on good practices in cybersecurity.
  • Apply an approach based on risk management.
  • Maintain continuity plans to guarantee operability in the event of incidents.
  • Continually review and improve our security policies and measures.
Goal

The purpose of this document is to establish the security policy for Acumbamail, ensuring compliance with all applicable legal obligations.

Application Scope

The security policy will be mandatory for all users of Acumbamail's systems and applicable to the assets necessary to provide the service, affecting the information processed by electronic means.

It shall be mandatory for all personnel who access both the information systems and the information managed by the company, regardless of their destination, assignment or relationship with the company.

Legal and regulatory framework

Acumbamail will take into account the requirements set forth by the applicable legal and regulatory framework in which the activities are carried out, identifying the following rules and regulations:

  • LOPD: Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights.
  • GDPR: Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
Safety principles

The following fundamental security guidelines will be established, which will help to avoid compromising the confidentiality, integrity, availability, authenticity and traceability of the services and associated information.

Commitment of superior organs

Information security has the commitment and support of all management levels, which ensure its integration with the company's strategies. Management is committed to keeping this policy updated, guaranteeing its compliance and providing the necessary resources for its implementation and continuous improvement.

Integral process

Safety shall be understood as an integral process consisting of all the technical, human, material and organizational elements related to the system, avoiding, except in cases of urgency or necessity, any specific action or temporary treatment.

It will be integrated into daily operations and system design from the outset, promoting awareness and knowledge among employees.

Risk based safety management

The study and evaluation of the risks that may endanger the security of the information is developed. Likewise, the necessary measures will be applied to mitigate these risks based on their criticality, carrying out periodic evaluations to obtain the status of risk treatment management and mainly after security incidents.

Prevention, response and recovery

The security of the system will contemplate aspects of prevention, detection and correction, to ensure that threats do not affect the information and services it provides. To this end, management cycles based on risk planning and measurement, implementation of security measures and their subsequent re-evaluation will be carried out.

Defense line

Appropriate mechanisms will be implemented to ensure the availability of the information systems and maintain the continuity of its business processes, in accordance with the service level needs of its users, having as a priority to gain time for an adequate reaction to incidents, reducing the probability of the system being compromised and minimizing the final impact on it.

Periodic reevaluation

The management will periodically re-evaluate the security measures to adapt their effectiveness to the constant evolution of risks and protection systems, auditing and setting objectives as a commitment to continuous improvement of the system.

Differentiated liability

Acumbamail identifies a number of distinct roles and associated responsibilities for information security.

Minimum privilege

Acumbamail systems are configured following the principle of least privilege, ensuring that:

  • Each user, system or process has only the privileges strictly necessary to perform its functions.
  • Operation, administration and activity logging functions will be restricted to authorized personnel and will be secured by additional controls.
  • In an operating system, all functionalities that are not essential for the intended use shall be removed or deactivated.
  • The system shall be designed to make its ordinary use intuitive and safe, so that any attempt to perform unsafe actions requires a deliberate decision on the part of the user.
Security incidents

All security incidents will be notified to our customers. The security manager will be in charge of following up, completing the notifications established in the corresponding procedure, establishing the actions for its correction and communicating the resolution or status of the incident, as well as recommendations.

Business continuity

We maintain backup and recovery mechanisms to ensure that our customers' data is always accessible, even in the event of technical failures or cyber-attacks. Our infrastructure is designed to minimize disruptions and ensure continuity of service.

© 2025 Acumbamail. All rights reserved.