SECURITY POLICY  /  VECTOR PACIFICO

Information
security
policy.

STANDARDISO/IEC 27001:2022
APPROVED BYPN
DATE07 January 2026
REVIEW CYCLEAnnual
INQUIRIESconsult@vectorpacifico.com
INTRODUCTION

This Information Security Policy Summary is established in compliance with ISO/IEC 27001:2022 standards to demonstrate Vector Pacifico's commitment to protecting the confidentiality, integrity, and availability of information assets.

As an Ecuador-based firm specializing in infrastructure analysis, physical security consulting, and cybersecurity analysis for telecom operators, infrastructure owners, and investors, we recognize the critical importance of safeguarding sensitive data against systemic risks and cascading failures.

This policy is made available to all VP employees, clients, vendors, and contractors to ensure transparency, accountability, and shared responsibility in maintaining robust information security practices.

In-depth and updated security policies are physically stored on-site and are accessible for review to all Vector Pacifico employees, contractors, vendors, and clients. PDFs are available on request.
SCOPE

This policy applies to all information assets owned, managed, or processed by Vector Pacifico, including:

  • Digital systems, networks, and data related to our consulting services in infrastructure intelligence, physical security audits, and cybersecurity threat modeling
  • Physical assets such as facilities in Ecuador and any remote or client-site operations
  • All personnel, including employees, contractors, vendors, and third-party partners
  • Information handled on behalf of clients, such as telecom infrastructure data, risk assessments, and post-event analyses

The scope excludes non-business-related personal data unless it intersects with company operations.

OBJECTIVES
  1. Protect client and proprietary information from unauthorized access, disclosure, alteration, or destruction
  2. Ensure the resilience of our communications and cyber infrastructure to support uninterrupted service delivery
  3. Identify, assess, and mitigate risks to information assets in alignment with our expertise in anticipating systemic failures
  4. Comply with applicable legal, regulatory, and contractual requirements, including Ecuadorian data protection laws and international standards for critical infrastructure
  5. Foster a culture of security awareness through ongoing training and communication
  6. Continually improve our Information Security Management System (ISMS) through regular reviews and audits

These objectives are reviewed annually or following significant changes to ensure alignment with business goals and emerging threats.

ROLES & RESPONSIBILITIES
TOP MANAGEMENT
Responsible for overall policy approval, resource allocation, and leadership in information security. Promotes risk-based thinking across the organization.
INFORMATION SECURITY MANAGER
Oversees the ISMS, conducts risk assessments, and ensures compliance with this policy.
EMPLOYEES & CONTRACTORS
Must adhere to security procedures, report incidents, and participate in training. Accountable for protecting information assets in their custody.
CLIENTS & VENDORS
Expected to comply with relevant security requirements when interacting with Vector Pacifico systems or data, as outlined in contracts or agreements.
SECURITY DOMAINS
RISK ASSESSMENT
Systematic identification, analysis, and evaluation of risks. Reviewed at least annually or after incidents. Treatment options: avoid, mitigate, transfer, or accept.
ASSET MANAGEMENT
All information assets identified, classified (confidential, internal, public), and protected accordingly — including hardware, software, data, and intellectual property.
ACCESS CONTROL
Access granted on a need-to-know basis with multi-factor authentication, role-based permissions, and regular reviews to prevent unauthorized access.
PHYSICAL SECURITY
Ecuador facilities and client sites protected through access controls, surveillance, and environmental safeguards against physical threats and infrastructure disruptions.
OPERATIONS SECURITY
Secure change management, capacity planning, malware protection, and regularly tested backups to maintain data integrity and availability.
COMMUNICATIONS SECURITY
Networks and information transfers secured using encryption and secure protocols, especially for client communications involving sensitive infrastructure data.
SUPPLIER RELATIONSHIPS
Vendors and contractors vetted for security compliance, with agreements including confidentiality clauses and audit rights.
INCIDENT MANAGEMENT
Incidents reported, investigated, and resolved promptly. Lessons learned incorporated into improvements, with notifications to affected parties as required by law.
BUSINESS CONTINUITY
Plans ensure continuity of critical operations including disaster recovery for cyber-resilience, aligned with our expertise in mitigating cascading failures.
COMPLIANCE

Vector Pacifico complies with all applicable laws, regulations, and standards. Non-compliance may result in disciplinary action, up to and including termination or legal proceedings.

This policy is reviewed annually or following significant incidents or changes by top management. Feedback from audits, risk assessments, and stakeholders drives continual improvement of the ISMS.

APPROVED BY
PN
07 JANUARY 2026
ISO/IEC 27001:2022 INFORMATION SECURITY MANAGEMENT SYSTEM