54
2016 ANNUAL REPORT
Information Systems
Follow-up Activities
Information systems are the cornerstones
of the SCI. As reinforcement thereof, the
following actions were taken:
a. Diagnosis of the implementation
of the Information Security
Management System that included
revising existing controls and
designing new ones, as well as
hiring a third party to implement the
corrective plan for vulnerabilities
in core processes detected in the
diagnosis.
b. Development of an employee
information security campaign.
c. Official implementation of the
Information Technology Continuity
Plan.
The following processes and documents
were followed up in 2016:
a. The directive for reinforcing the
SEVRI, approved by the Board
of Directors in 2015; regarding
accountability mechanisms, the
possible risks associated with
the company’s operations and
coordination
among
different
areas, for which the participation
of different subordinate units is
required.
b. The management plans based on
risk assessments that incorporate
the
actions
resulting
from
evaluations and the application of
the Institutional Management Index.
c. The activities of the Management
of Ethics program that give ethics
a permanent and comprehensive
scope.
d. The reports from the Office of
the Comptroller of the Republic,
thereby complying with all
guidelines set forth in report
DFOE-AE-IF-13-2014,
Special
Audit Report on the Quality and
Security of Data Supporting the
Information Systems of Refinadora
Costarricense de Petróleo, S.A.
(RECOPE).
e. Implementation of improvement
projects resulting from the
application of the Maturity Model of
the SEVRI.