Security Policy

Information Security Policy

1. OBJECTIVE

The purpose of this policy is to establish the general guidelines and Lynx’s commitment to the management of information security and cybersecurity risks. This policy constitutes the reference framework for the Information Security Management System (ISMS), based on the ISO 27001 standard, which exists at Lynx Financial Crime Tech.

2. DETAIL

The Information Security Policy of Lynx Financial Crime Tech (hereinafter Lynx or the company) establishes the principles that the company follows to guarantee the confidentiality, integrity and availability of information, while guaranteeing compliance with legal obligations in terms of cybersecurity and aligning controls with the company’s cybersecurity objectives and strategy.

Lynx is aware of the importance of information security, and therefore assumes the following commitments with respect to the Information Security Management System (ISMS):

  • Ensure that a cybersecurity and information security strategy and objectives are established that are aligned with the company’s strategy and its business.
  • Ensure that cybersecurity requirements and procedures are integrated into the company’s processes.
  • Ensure the necessary resources to design, implement, maintain and improve the Information Security Management System.
  • Communicate and raise awareness about the importance of having cybersecurity management mechanisms in place and in accordance with the requirements of the information security management system.
  • Ensure that the information security management processes and system achieve adequate and effective results.
  • Direct and support teams and individuals to contribute to the effectiveness of the Information Security Management System.
  • Promote continuous improvement in cybersecurity.
  • Support relevant cybersecurity roles to demonstrate leadership applied to their areas of responsibility.

To this end, management will ensure that Lynx personnel comply with regulations, policies, standards, procedures and guidelines relating to information security.

By developing its Information Security Management System, Lynx aims to ensure the following security objectives:

  • Ensure the confidentiality, integrity and availability of information.
  • Comply with all applicable legal requirements regarding cybersecurity.
  • Train and raise awareness among all employees in information security.
  • Meet the security expectations and needs of customers, employees, suppliers, regulators, the Board of Directors and other interested parties.
  • Appropriately manage all incidents related to information security.
  • Have a continuity plan that allows processes and activities to be recovered in the event of an incident in the shortest possible time.
  • Inform employees of their security functions and obligations, as well as their responsibility to comply with them.
  • Continuously improve the ISMS and therefore the organization’s information security.

To ensure the correct performance of the Management System and to comply with the established objectives and requirements, an ISMS Manager and a Committee have been appointed to ensure compliance with the guidelines set out by this policy.

ISMS Committee – Version 1.0 (June 2024)

 

Business Continuity Policy

1. INTRODUCTION

Lynx, as part of its defined strategy for correct business development, considers that some threats (such as infrastructure failures, cyberattacks, natural disasters, pandemics…) can disrupt our business operations and our provision of services. Therefore, it is committed to demonstrating to interested parties that, in the event of an incident or crisis scenario, the organization is prepared and has plans that allow normal operations to be restored in the expected times, avoiding or minimizing the impact that the interruption of services could cause.

In order to develop this policy, Lynx is committed to planning, establishing, implementing, operating, supervising, reviewing, maintaining and improving a business continuity management system (BCMS) based on the UNE-ISO/IEC 22301:2019 standard, which adequately covers all the necessary requirements to ensure that the processes included in the scope are managed in accordance with the requirements of said standard.

2. OBJECTIVE

Establish the general framework that guarantees the correct development, implementation, review and improvement of the Business Continuity Management System (BCMS) implemented in the organization that ensures:

  • The preservation and continuity of the organization’s processes and activities in the event of a disruptive incident.
  • An adequate and timely response to the materialization of a risk that is included in the organization’s risk analysis, is linked to both the organization’s current threat catalog and its internal services catalog, and causes a scenario of lack of availability of any of the basic components of Lynx’s activity: people, infrastructure, technology, information and suppliers.
  • The reduction of the impact of possible catastrophes on business activities, guaranteeing that essential data and functions are preserved or, if not possible, that such data or functions are recovered, promptly and progressively, until normality returns. 

3. SCOPE

This policy applies to all Lynx processes and activities and is mandatory for all personnel in the organization. 

4. DETAIL

The Lynx BCMS policy is based on the following principles:

  • The protection and safety of people is the first premise and priority objective, both in normal situations and in a crisis situation resulting from a disaster.
  • The appointment of representatives from the different areas with the appropriate experience and knowledge, so that they actively participate in the preparation, implementation, review, testing and updating of the Business Continuity Plans.
  • The development and implementation of the Lynx Business Continuity Plan taking into account the internal areas and departments, suppliers and services and using appropriate and proportionate systems, resources and procedures.
  • The use of the synergies generated in the development and implementation of the Business Continuity Plan, considering the common means and resources available to the organization.
  • The adoption of reasonable measures for the operational continuity of processes and activities, based on the criticality of these established by the organization.
  • The inclusion of security and reliability criteria that reasonably guarantee the continuity of critical services provided by third parties, in the event of their outsourcing.
  • The development, within the Business Continuity Plan, of appropriate communication procedures, both internal and external, that enable the correct execution of these, as well as the timely provision of information to all interested parties.
  • The communication to all staff of their responsibilities and the procedures that are their responsibility, within the framework of business continuity, through awareness-raising and training tasks.
  • The development of a Business Continuity Management System that contemplates the carrying out of reviews, tests and updates of the Business Continuity Plan periodically or in the event of significant changes, in a process of continuous improvement of the same.
  • The permanent willingness to collaborate with the authorities in the event of disaster or need, as part of the spirit of service that permeates all of Lynx’s actions and the responsibility towards the society in which it operates. 

BCMS Committee – Version 1.0 (December 2024)