The management of the Asociación Colombiana de Otorrinolaringología y Cirugía de Cabeza y Cuello, Maxilofacial y Estética Facial (ACORL), taking into account the importance of proper information management, is committed to the implementation of an information security management system.

For ACORL, the protection of information seeks to reduce the impact generated on its assets, by the risks identified systematically in order to maintain a level of exposure to ensure the integrity, confidentiality and availability of the same, according to the needs of the different stakeholders identified.

In accordance with the above, this policy applies to the Association as defined in the scope, its officers, third parties, interns, suppliers and citizens in general, taking into account that the principles on which the development of actions or decision making around the security and privacy of information is based will be determined by the following processes:

• Daily and weekly backup; in case of any incident it is possible to perform a rollback process and return the web environment to a previous state.ackup (Daily and weekly).
• Our incident management team will be behind the service mitigating any server and web application vulnerability that could be generated.
• WHM and Cpanel update processes will be performed.
• Our servers are protected with a WAF, web application firewall, which protects web applications from certain specific attacks on the Internet such as: Cross-site scripting which consists of the inclusion of malicious script code in the client that queries the web server.
• SQL injection that introduces a SQL code that violates the server's database.

Adjustments will be made to our information security policies, in accordance with the ISO 27001 standard.