Information Security Policy


BSO’s Senior Management is committed to establishing, implementing, maintaining, and continuously improving its Information Security Management System (“ISMS”), ensuring the confidentiality, integrity, and availability of the information, by achieving security objectives and meeting legal requirements and internal regulations.

Information Security Objectives

Main Objective

The main objective is to establish guidelines for protecting the information and resources used to process and store the data of the Business Services & Outsourcing (“BSO”) business unit and its clients from any threat that may compromise their confidentiality, integrity, and availability.

Our main asset at the BSO business unit is the information of our clients, which is processed through our Accounting Outsourcing and Payroll Outsourcing services. Therefore, we are committed to protecting the confidentiality, integrity, and availability of such information in all business processes. For such purpose, we apply effective risk management practices, controls, procedures, and methodologies, we have highly trained personnel, we use new technologies, and we strive for continuous improvement. Thus, we comply with current regulations, Digital Governance guidelines, and international standards on information security and cybersecurity. In addition, we guarantee the business continuity of our clients and optimize our services.


Strategic Objectives
  • Information Security Management

Establish clear criteria to safeguard the information and resources related to the processing and storage of the data of BSO and its clients. This will prevent any threat that may affect the confidentiality, integrity, and availability of such data.


  • IT Asset Management

Manage technological assets in an efficient manner, encompassing acquisition, allocation, installation, configuration, maintenance, removal, and destruction processes.


  • Information Security Risk Management

Conduct periodic assessments of information security risks. This requires identifying any possible threats and vulnerabilities to information assets and applying appropriate controls to mitigate said risks to an acceptable level.


  • Information Security Incident Management

Identify, record, detect, resolve, and monitor all information security incidents to ensure a prompt and effective response to any breach or vulnerability. 


  • ISMS User Awareness

Promote and organizational culture focused on information security through ongoing training programs. 



This publication has been carefully prepared for public use by BDO Outsourcing S.A.C.; but it has been written in general terms and should be seen, interpreted, and assumed as broad guidance only. If you have any additional queries, please contact the correspondin department.