In Atlantica, we prioritize security and protection of information and systems, including information of our employees, partners and suppliers. We regularly review our capabilities, reassess our policies and coordinate communication and cybersecurity related training across our organization.
In the current world, organizations may be subjected to disruption, damage or failure from a variety of sources, including computer viruses, security breaches, cyber-attacks, phishing attacks, natural disasters and defects in design. Energy facilities have been experiencing an increasing number of cyber-attacks. We are aware that cybersecurity incidents are evolving and include malicious software, attempts to gain unauthorized access to data and other electronic security breaches that could lead to disruptions in systems, unauthorized release of confidential or otherwise protected information and the corruption of data.
We understand the importance of having strong cybersecurity practices to enable resilience across our ecosystems. We invest time, money and creative talent to evolve as the threats grow in their degree of sophistication. We implemented prevention, monitoring and threat-detection measures following several international standards including ISO27000 and COBIT5. COBIT 5 is a business framework for the governance and management of enterprise information systems and is a product of a global task force and development team from ISACA, a nonprofit, independent association of over 140,000 governance, security, risk and assurance professionals in 187 countries.
We train all our employees once per year to detect, monitor and prevent threats by following right procedures in various user-centric cybersecurity skills such as email phishing, sophisticated password maintenance, avoidance of public wireless network hotspots, among other.
We also conduct periodic internal and external audits to ensure that our cybersecurity controls are effective. We elaborated a risk map based on which we evaluate each of the relevant risks. High-level areas of focus are information security policies, human resources security, access control, physical security, operational and communication security, cryptography, incident management, supplier relationships, business continuity and compliance.