OMIP, as Energy Derivatives Exchange, is concerned with having a set of management tools in the following areas:
• Information Security and, in particular, Cybersecurity, in order to guarantee the integrity, availability and confidentiality of its information technology and information systems for which it is responsible (whether it was produced internally or entrusted to it within the scope of the functions it performs);
• Business Continuity, in order to guarantee an adequate response to any disruptive incident or disaster that affects people, material assets, information and / or business processes that support its activity, thus minimizing the potential negative impacts that such situations may cause in the organization , employees, business functions, customers, suppliers and other external entities.
The Information Security is defined by practices that ensure that information under the responsibility of an organization is only accessed or modified, during its storage, processing or transmission, by authorized persons, entities or systems. These practices include the necessary measures to detect, document and respond to threats to the integrity, availability and confidentiality of information.
Cybersecurity is defined as security of the information in Cyberspace.
The Business Continuity is defined as the capacity of the organization to continue its operation, with an adequate level of service quality provided, following a disruptive incident.
Thus, OMIP has implemented an Information Security Management System (mostly known as ISMS) and a Business Continuity Management System (mostly known as BCMS). These management systems aim to establish, implement, operationalize, monitor, review, maintain and improve information security and business continuity in OMIP, ensuring compliance with the legal requirements (european and national standards) to which OMIP is subject in within the scope of its regulated market activity and following the best international practices, such as ISO standards.
In order to establish the concepts and rules of the aforementioned management systems, general documents (Policies) were prepared, which were approved by the OMIP Board of Directors. These policies apply to all employees, interns, service providers and other OMIP partners.
In this sense, the following Policies establish the principles of OMIP with regard to the management of Information Security and Business Continuity: