CYBERSECURITY

GRI 3-3

To safeguard corporate information privacy and security, Grupo Lamosa has developed a cybersecurity strategy based on ISO 27000 standards. This preventive strategy is structured around three key pillars: people, technology and processes.

Grupo Lamosa’s Information Security Committee leads this strategy, establishing and implementing a governance framework and control environment focused on information protection. Additionally, the company has a Corporate Information Security, Risk Management and Confidentiality Policy, which defines the guidelines necessary to ensure the proper use and protection of all managed data and assets.

In response to increasing digitalization, Grupo Lamosa has adopted the NIST Cybersecurity Framework, which provides structured guidance for managing and reducing cyber risks.

The Information Security Program, a core element of this strategy, includes robust controls for corporate devices, such as authentication processes, antivirus protection, reporting channels for security incidents, and employee training on information security policies and cybersecurity measures.

Moreover, all security systems undergo an annual vulnerability assessment through independent penetration testing (Pentest), evaluating three fundamental areas: technology, processes and people.

In 2024, Grupo Lamosa reported no data breach claims or compromised information incidents. The company has further strengthened its security controls by implementing multi-factor authentication, enhancing remote access security, migrating to a new antivirus system and deploying a technology mapping strategy to prevent data leaks.

91% of company personnel were given information security training in 2024.