Information Security Policy
Our commitment
At TwentyfourSevenGroup, information security is the foundation of the trust that brands, agencies, production companies, talent and partners place in us. We treat information, and especially our clients’ unreleased audiovisual material and intellectual property, as a critical asset that we protect throughout its entire lifecycle.
Our leadership drives and supports an Information Security Management System (ISMS) aligned with the international standard ISO/IEC 27001:2022. Protecting the confidentiality, integrity and availability of information is the responsibility of everyone who acts on behalf of the Group.
The principles that guide us
Every security decision across the Group is governed by six principles:
- Confidentiality, integrity and availability: we ensure information is accessible only to those who should access it, that it is accurate and reliable, and that it is available when needed.
- Defense in depth: we combine layers of physical, logical, organizational and human controls; no single measure stands alone.
- Least privilege: each person accesses only what is strictly necessary for their work.
- Segregation of duties: we separate who requests, who approves and who performs sensitive operations.
- Traceability: every relevant action on information is logged and attributable.
- Continuous improvement: we review, measure and improve our controls on an ongoing basis.
How we protect your information
Access control and authentication. We apply multi-factor authentication and a least-privilege model to access systems and services. Access always uses personal credentials; we do not allow shared accounts or anonymous access to confidential information.
Encryption and data protection. We encrypt sensitive information both in transit and at rest, and manage keys under strict control, so that data stays protected at all times.
Threat protection. We keep our platforms updated and securely configured, protected against malware and intrusions, with vulnerability management and continuous monitoring of security events.
Asset classification and management. We inventory and classify information according to its sensitivity and apply protection measures proportional to its criticality throughout its lifecycle.
Physical security. We protect our offices, data centers and editing and post-production suites with access controls, video surveillance and environmental safeguards for equipment and media.
Service continuity. We identify critical services and processes and maintain continuity and recovery plans that we test regularly to respond to any contingency.
Protecting content and intellectual property
We know that our clients’ unreleased audiovisual material is one of their most valuable assets. We protect embargoed content and intellectual property through confidentiality agreements (NDAs), access control to production and post-production areas and systems, and traceability of media throughout the project.
Incident management
We have a structured process to detect, contain and resolve security incidents in a confidential and traceable manner. Where required by law or contract, we notify the relevant authorities and affected parties without undue delay.
Privacy and compliance
We process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable law, under the supervision of our Data Protection Officer. We meet our legal and contractual obligations regarding data protection, intellectual property and information security.
People and security culture
Security is everyone’s responsibility. Our team receives initial and recurring training, awareness campaigns and regular drills to keep a living security culture across the organization.
Security with our suppliers
We require suppliers and partners with access to our information or systems to meet security levels equivalent to our own, formalized through confidentiality agreements and specific contractual security clauses.
Certification and continuous improvement
Our Information Security Management System is certified to ISO/IEC 27001:2022 (certificate no. Q-031/23/1) and undergoes regular internal and external audits. Security is not a state you reach once, but a practice we continuously improve.
Security contact
Have a security question or want to report a potential vulnerability? Email us at security@twentyfoursevengroup.xyz. We treat all security communications confidentially and welcome responsible disclosure.
This policy applies to TwentyfourSevenGroup and all companies within the Group. You can find the full list of Group entities and their contact details here.