Information Systems Security Policy

Effective date: September 20, 2020

Information Systems Security Policy

For Levin & Riegner, LLC and its subsidiaries ("Liquid Crystal" and “L+R”) and the people and companies that depend on its services, information is one of its most valuable assets. It is a mission-critical factor without which the company could not carry out its business activity. L+R relies heavily on the quality of managing the use of this information accurately, completely and of obtaining it in a timely manner.

The company thus recognizes the importance of security measures in ensuring that the information is not affected by threats such as errors, fraud, embezzlement, sabotage, extortion, industrial espionage, privacy violations, outages and natural disasters. The Partners at L+R recognises its responsibility for developing security guidelines that allow it to minimize the potential risks to which it is exposed, thus helping the Company to achieve its strategic business objectives.

The purpose of this Information Systems Security Policy is to define the main guidelines leading to the formulation of Information Systems Security procedures. These procedures are aimed at safeguarding information, as mentioned in the previous paragraph.

The Information Systems Security Policy is based on the following key pillars that support data protection in L+R:
  • L+R’s information and information systems are critical assets that must be protected in order to ensure that they can function.
  • L+R’s information must be protected according to its vulnerability, value and mission-critical importance.
  • All L+R employees and third party partners have a responsibility to protect the information entrusted to them.
  • The protection of information allows L+R to carry out its business; protective measures must be developed according to a risk assessment.
  • The confidentiality, integrity and availability of information must be ensured to determine what protective measures are necessary. It must also be classified as Confidential, Internal Use or Public.
The principles around which Information System Security measures are built are:
  • Information must be protected throughout its lifecycle: from creation or receipt to processing, communication, transportation, storage, disclosure to third parties and eventual destruction.
  • L+R will protect information from non-authorized disclosure, manipulation or loss.
  • Third parties who have access to information owned by L+R must be under the control of defined information security standards.
  • Every employee has the obligation and duty to sufficiently protect information in compliance with L+R classifications and standards.
  • Information management procedures must be compliant with applicable law of the territory where that information is generated, transferred from or transferred to.

The Corporate Information Systems Security Policy will apply to all L+R workers, whether or not they are employees. This includes anyone from outside L+R with access to information belonging to or managed by the company. The policy also applies to all digital information and information systems owned or managed by L+R.

The Corporate Information Systems Security Policy contemplates classifying the levels of information sensitivity in order to guarantee commitments to controlling the optimum confidentiality, integrity and availability of the information.

This policy advocates classifying the information based on the following security levels:
  • Confidential: includes the most sensitive information for L+R that requires strong measures to protect it against unauthorised disclosure (confidentiality) and / or modification (integrity).
  • Internal use: applies to less sensitive information which is intended to be used internally in L+R. Unauthorized disclosure is against this policy although it is not expected to have a serious negative impact.
  • Public: applies to information which has been explicitly approved for public dissemination by L+R management.
The requirements of this Corporate Security Policy are as follows:
  • L+R’s Corporate Information Systems Security Policy is approved by L+R Partners.
  • Its content is mandatory for all L+R staff and subcontracted third parties.
  • The proposed corrective measures specify the people responsible for putting it into practice.
  • The implementation and enforcement of the Corporate Information Systems Security Policy should be verified and tested at previously defined intervals. 
  • The Corporate Information Systems Security Policy is a living document that is updated and amended through the same procedure used to establish it. The policy also has to be known by all members of the L+R organization.

L+R will enable all the means necessary to disseminate the procedures designed to promote the culture of control to all employees and outsourced personnel.

In this regard, L+R considers maintaining a high level of security awareness as a strategic objective. Consequently, L+R considers all the rules created for that purpose as binding for all personnel and subcontractors. Strict compliance with these rules must be observed at all times.

Software and System Agreements

For a comprehensive list of software utlized by the L+R team and the assocatated agreements click here.

New YorkBarcelonaMilanLos AngelesNew YorkBarcelonaMilanLos Angeles
New YorkBarcelonaMilanLos AngelesNew YorkBarcelonaMilanLos Angeles
© 2022 Liquid Crystal. A Levin & Riegner company.By using this website you consent to the usage of cookies
Start a conversation

Start a conversation