TEIMAS reinforces its commitment to information security

Santiago de Compostela, May 7, 2024

TEIMAS, a technology company based in Santiago de Compostela since its founding in 2008, has consolidated its position as a leader in the development of software specialised in technological solutions for the environmental sector. With an innovative approach in this field, the Galician company has established a rigorous Information Security Management System, aligned with the international standard UNE-ISO/IEC 27001 and certified by APPLUS.

TEIMAS' commitment to the fundamental principles of information security (confidentiality, availability and integrity) is highlighted in its business practices. To ensure the protection of its customers' data and to facilitate operation for users, TEIMAS has implemented several measures, including:

• Backups: basic point for protection against external threats and internal or user errors. The company has multiple backup copies distributed in different locations and stored on “Write Once Read Many” media, ensuring the immutability of the data.
  
  
• Redundancy: with the objective of maintaining access to data at all times, even in the face of possible complete system failures, TEIMAS has redundanted its systems in multiple geographical locations, allowing a quick recovery of access, even in the face of the complete failure of a geographical location, for example due to a natural disaster.
  
  
• Secure Development Policies: all the source code of TEIMAS applications is reviewed by multiple developers and subjected to automated tests to minimise errors in customer environments.
  
  
• Vulnerability analysis: Carried out by external specialised entities, these analyses allow to evaluate the security of the software and to detect areas for improvement and possible risks.
  
  
• Monitoring and alarms: TEIMAS has a constant monitoring system that allows it to detect and even anticipate possible problems. Active alarms have been established 24 hours a day to ensure the continuous availability of services.
  
  
• Communication security: By implementing various mechanisms, TEIMAS prevents unauthorised access and capture of information during transmissions. The company segments environments according to the level of access required and follows a strict policy of granting only the minimum necessary permissions.
  
  

In addition to its technical approach, the company is distinguished by its continuous monitoring at the organisational level, carrying out regular audits to ensure compliance with established policies.

TEIMAS collaboration with INCIBE

A relevant collaboration is maintained with the National Institute of Cybersecurity (INCIBE) to correct possible software vulnerabilities and ensure transparent communication with software users. As a result of this collaboration, INCIBE has recently published a security improvement in the TEIMAS Teixo software, aimed at preventing specific attacks, such as XSS.

Thanks to its SaaS (Software as a Service) distribution model, TEIMAS ensures that its software is always updated and patched, thus avoiding the exploitation of corrected errors, as reported by INCIBE in its report:

Vulnerability fixed in version 1.42.48-stable, deployed on 9 January 2024. As the affected product is a SaaS, it is not currently possible to access versions where the vulnerability is still present.

‍