Contact us
Contact us

Information security

1. Aim

At AERTEC, we take information security very seriously. Our aim is to protect the information of our clients, employees and partners, thus ensuring that it is always kept secure, available and accurate so that we can provide them with a reliable high-quality service.

2. Scope

This policy applies to all employees, contractors and third parties who handle information related to our consulting activities in the aerospace sector.

3. Key principles

We are aware that we use IT services or systems to carry out all our business processes and we are mindful that we must play an active role in ensuring that all our operations are secure. We therefore observe the following security principles:

  1. Confidentiality
    • Data protection: sensitive information can only be accessed by authorised persons.
    • Privacy: we respect the privacy of our clients and employees, complying with all data protection laws and regulations.
    • We take responsibility for the data and applications we handle at all times to prevent any data leaks.
  2. Integrity
    • Information accuracy: we keep all information accurate and complete, preventing any unauthorised changes to it.
    • Responsibility: each employee is responsible for the accuracy of the information they handle.
  3. Availability
    • Secure access: we ensure that the information is available to the people who need it, whenever they need it.
    • Business continuity: we have plans in place to ensure that our services continue in the event of an outage.
  4. Compliance and regulations
    • Domestic and international regulations are becoming increasingly strict on information security. Therefore, we are aware that it is important to comply with all the company's information security policies and any specific policies for the projects we work on.

4. Roles and responsibilities

  • All employees: we each have a responsibility to comply with this policy and report any security incidents.
  • IT Department: it manages our technology infrastructure and ensures that our systems are protected against threats.
  • Information Security Officer: he/she monitors compliance with this policy and coordinates our response to any security incidents.
  • Third parties: they must comply with AERTEC's security policies or their own equivalent policies, ensuring that security measures are implemented throughout the supply chain.

5. Security measures

  1. Prevention
    • Secure login credentials and passwords: we must all safeguard our login credentials and passwords, only use them to do our work, and ensure that they are secure.
    • Control and access permissions: we can only access sensitive, confidential or critical information if we are authorised to do so.
    • Information classification: we are always aware of the confidentiality of the information we are working with and we classify and protect the information accordingly, complying with all security regulations.
    • Security by default: in any company process, system or activity, we always put information security first, assessing the risks to which we are exposed.
    • Physical security: we do not forget that physical security is an important part of information security, and we take the necessary precautions with the devices we use and the facilities in which we work.
    • Ongoing training: we are aware of our obligation to provide regular security training within the company to stay up to date with the best security practices.
    • Internal regulations: we are familiar with the internal security regulations published by AERTEC, and we know how to use IT systems and services securely.
  2. Detection
    • Continuous monitoring: at AERTEC, we continuously monitor the operation of our services, infrastructure and equipment to detect anomalies and act quickly in the event of any incident.
  3. Response and recovery
    •  Incident management: we have put in place mechanisms within the company to respond effectively to security incidents, e.g. by appointing a point of contact to liaise with third parties and implementing information sharing protocols.
    • Continuity plan: to ensure the availability of critical services, we have also developed ICT system continuity plans as part of our overall business continuity plan and recovery activities.

6. Compliance

  • Internal compliance: we are committed to complying with all company security policies and regulations, as this helps to safeguard the security of AERTEC and our clients.
  • Legal compliance: we comply with all applicable laws and regulations, including the General Data Protection Regulation (GDPR) and other relevant aerospace and information security regulations.
  • Review and update: we are committed to continuously improving our security practices. We review and update this policy regularly to adapt to new threats and technologies.

7. Incident management

If we discover or suspect a security issue, whether it affects us or our relationship with third parties, we are required to report it immediately to our IT team via the usual point of contact or by emailing security@aertecsolutions.com. We will respond quickly to minimise any impact, contact other related parties and manage a coordinated response.

8. Continuous improvement

We are committed to continuously improving our security practices. Goals are set and regularly planned and measured. We review and update this policy regularly to adapt to new threats and technologies or any changes in the company’s requirements. And, of course, we conduct regular internal and external audits of our systems to ensure that everything is running smoothly.

9. Conclusion

Information security at AERTEC is everyone's responsibility. With your help, we can protect our information and maintain the trust of our clients and partners.

Last updated: 12 March 2025

Contact us

Contact