Security policy

The security policy sets out the guidelines and principles established by aTurnos to guarantee the protection of information and compliance with the defined security objectives, ensuring the confidentiality, integrity and availability of information systems and, of course, guaranteeing compliance with all applicable legal obligations.

The director of aTurnos, conscious of the importance of security in the labor sector, assumes the following commitments regarding the information security management system (ISMS):

  1. Ensure that information security objectives are established and aligned with the company's strategies.
  2. Ensure that security requirements are integrated into the organization's processes.
  3. Ensure the necessary resources for the management system.
  4. Communicate the importance of efficient security management and of conforming to the requirements of the information security management system.
  5. Ensure that the information security management system achieves the expected results.
  6. Lead and support people so that they contribute to the efficiency of the information security management system.
  7. Promote the improvement of the management system.
  8. Support the appropriate roles in demonstrating their leadership as applied to their areas of responsibility.

To do so, the director will ensure that aTurnos' staff comply with the policies, regulations, procedures and instructions related to information security.

Through the development of its information security management system, aTurnos aims to guarantee the following security objectives:

  1. Ensure the confidentiality, integrity and availability of information.
  2. Comply with all applicable legal requirements.
  3. Have a continuity plan that allows processes and activities to be recovered after an incident in the shortest time possible.
  4. Train and educate all employees in information security matters.
  5. Satisfy the expectations and needs of clients, employees, providers and other interested parties.
  6. Properly manage all incidents that occur.
  7. All employees will be informed of their security functions and obligations, and they are responsible for complying with them.
  8. Continuously improve the ISMS and the organization's information security.

To ensure the correct development of the management system and to meet the established objectives and requirements, the director of aTurnos has designated a person responsible for the ISMS and a Security Committee that will watch over compliance with the guidelines set by this policy.

Privacy Policy

When you access our website, aTurnos will collect certain information about you during its use, such as your username or email. If you visit our site to manage your shift/working-hours planning and view your colleagues', we collect and save only that information about you and your group. This information will not be shared with third parties, except under a specific contract with the company or through an integration with third parties configured by the team's administrator. The information that aTurnos automatically holds about you is:

  1. The email address used as the login for system access.
  2. The date and time at which the user accesses our site.
  3. The shifts that you or a person with the administrator role has registered in the system, automatically or manually.
  4. The telephone number to be shared with your colleagues, which is not obligatory.

If you identify yourself by using an email containing personal information, the information collected will be used specifically to answer your message.

There is also information that is not obligatory but can be useful to your colleagues, such as a mobile phone number or social media accounts. aTurnos will never use it with third parties, and it will only be activated at the user's request.

Because this is a collaborative system, by validating your email account you allow other users of your service within your same shift group to view the shift data and personal information you share, which will only be accessible to this group.

Information collected is only for statistical purposes. aTurnos can use software programs to create statistical summaries that will be used for purposes such as evaluating the number of visits to the different sections of our site. With that, we try to learn which information is of most or least interest, determine technical design specifications, and identify system efficiency or problem areas.

For site security reasons and to ensure that this service remains available to all users, aTurnos uses software programs to monitor network traffic in order to identify unauthorized attempts to upload or change information, or to cause damage.

aTurnos will not obtain personally identifying information about you when you visit our site unless you decide to provide us with that information, nor will information be sold or transferred to third parties without the user's approval at the time of collection.

Information from people under 16 years old is not accepted.

Any transfer of your information, such as to social media, has to be validated by you in your account's settings, never by default.

Security and Reliability

Security

aTurnos offers many tools that can improve staff management exponentially, but it is important that you protect the security of communications; to that end, we enforce the use of the HTTPS protocol to encrypt communications between your devices and the aTurnos servers. In addition, we recommend that you handle your password properly and do not share it with third parties. Make it strong by not using known words, not using only numbers and letters, and not using personal information.

The aTurnos servers are located in Ireland, under EU legislation. They are hosted and replicated on the Amazon Web Service (AWS) infrastructure, where daily backups of the data are made. AWS has obtained ISO 27001 certification and has been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). AWS undergoes SOC 1 audits every year and has received a satisfactory assessment at the Moderate level for federal government systems, as well as at DIACAP Level 2 for DoD systems.

Group Conversia has audited the aTurnos software and confirms that it complies with the following aspects of RD 1720/2007: Security Document, Data Processor, Provision of services without access to personal data, Working arrangements outside the premises where the file is located, Staff functions and obligations, Incident log, Access control, Management of media and documents, Identification and authentication, Backup and recovery copies, Access to data over communications networks, Archiving criteria, Storage of information, Custody of media, Access log, Telecommunications.

Reliability

The aTurnos system is hosted on Amazon Web Service (AWS) EC2, which offers a highly reliable environment in which replacement instances can be launched quickly and predictably. The service runs within Amazon's accredited data centers and network infrastructure. The Amazon EC2 Service Level Agreement commitment is 99.95% availability for each Amazon EC2 Region.


aTurnos architecture



Management system objectives

  • Ensure the confidentiality, integrity and availability of information.
  • Comply with all legal, regulatory and contractual information security requirements applicable to the organization.
  • Know and manage information security risks.
  • Periodically establish improvement objectives aligned with this policy.
  • Satisfy the expectations and needs of interested parties.
  • Train and educate all employees in information security matters.
  • Properly manage all security incidents that occur.
  • Inform all employees of their security functions and obligations and of their responsibility to comply with them.
  • Continuously improve the ISMS and the organization's information security.

Management will guarantee that the ISMS and the Security function at aTurnos have the resources necessary for their proper functioning and for meeting the stated objectives.