INFORMATION SECURITY ISO 27001 AND ENS

Fraternidad-Muprespa, Mutua Collaborator with Social Security, no. 275 has implemented a Information Security Management System (ISMS) according to the norm UNE-ISO/IEC 27001:2022. The SGSI was audited and certified for the first time by the Spanish Association for Standardization and Certification, AENOR, in December 2010 and since then this entity has carried out the corresponding periodic audits, all of which have been successfully passed. The scope of the SGSI is the set of all computer applications and services developed by the General Subdirectorate of Information Systems, including, among others, healthcare medicine applications, electronic medical records and other developments resulting from the digitalization process undertaken by the Mutua.

This certificate takes on special importance in an environment in which personal data that is part of the of special categories of data such as the health of workers treated at the Mutua's healthcare centers. All of this is materialized in the Information Systems Security Policy, which guarantees the commitment and diligence of the Management.

In addition, in 2024 the certification of the Digital Office has been received according to the National Scheme SecurityHTMLTAG40___, regulated in Royal Decree 311/2023 of January 8. The certification has been issued by AENOR and its scope extends to the digital services provided by the Mutual Fund to the users of its Digital Office, that is: associated companies, collaborating consultancies, affiliated self-employed workers, suppliers and insured employees. The National Security Scheme is applicable to the entire public sector, and therefore to data processing personal data for which it is responsible, maintaining the standard established in the previous legislation regarding data protection data, which, although it is not currently mandatory, the entity considers it essential for adequate protection thereof.The company responsible for this audit, which is contracted in accordance with the Public Sector Contracts Law through an open procedure with advertising, issues a certificate of completion of the audit that is available to our companies, self-employed workers and protected workers, as well as the rest of the agents of interest, including the Spanish Data Protection Agency.

In short, the objective that Fraternidad-Muprespa pursues with this management system is to offer a set of information systems that support the service provided to all its mutual members, guaranteeing compliance with regulations and security in each of its dimensions, that is; integrity, availability, confidentiality, traceability and authenticity, which is reflected in a quality service aligned with its principles of Social Responsibility Corporate.

Fraternidad-Muprespa was the first Mutual to certify all its computer systems under the ISO 27001 standard, including healthcare medicine applications.