Information Security Policy


The objective of this general policy is to define the purpose, direction, principles, and basic rules for the Information Security Management System of TopManage Panama.

The Policy applies to the entire Information Security Management System (ISMS) considering the boundaries and exclusions stated in the current version of the Scope Description document.

The intended audience of this document includes all employees of TopManage, as well as external third parties considered relevant to the ISMS as determined by Senior Management.

We recognize the value and privacy of information, and therefore, we have implemented an information security management system to control all our efforts towards information security.


TopManage Panama is a technology company with over 25 years of experience in the Latin American market. We specialize in providing the service of Proveedor de Autorización Calificado (PAC), approved by the General Directorate of Income of Panama through Resolution No. 201-5711, for the validation and authorization of electronic documents. This service enables our clients to issue authorized electronic invoices efficiently and securely, complying with current tax regulations and optimizing their administrative processes.

We acknowledge the value and privacy of information, and therefore, we have implemented an information security management system to control all our efforts towards information security.

This information security policy establishes the principles and guidelines to protect the information associated with “Authorizations for the Use of Electronic Documents” within our ” Proveedor de Autorización Calificado” (PAC) service in the electronic invoicing system. The policy is based on the regulations of the General Directorate of Income of the Republic of Panama and aims to ensure the confidentiality, integrity, and availability of the information, as well as to prevent and mitigate the risks associated with its handling.

At TopManage, through the implementation of the Information Security Policy, we are committed to identifying and fulfilling applicable requirements related to our system, information security, and legal, regulatory, and contractual obligations concerning information security. We also commit to the continuous improvement of our Information Security Management System.

As part of our commitment, we hereby establish the information security objectives that are aligned with the strategic goals of the organization, as determined by Senior Management. The objectives are as follows:

  1. Demonstrate to our stakeholders that we have the capability to protect their information through the implementation and certification of an Information Security Management System based on the requirements of the ISO/IEC 27001 standard.
  2. Ensure the availability of our electronic document authorization service (DocFlow Invoicing PAC) through the assessment, monitoring, and implementation of procedures that protect information assets and prevent or correct any deviations or security incidents.
  3. Promote and maintain a positive information security culture among our personnel through the implementation of procedures, best practices, training activities, and awareness programs on information security.

The CEO is responsible for defining the method to measure the achievement of the Information Security objectives. Measurement will be conducted at least once a year, and the Security Officer will analyze and evaluate the results, reporting them to Senior Management as material for Management Review.

The Security Officer is responsible for all information security efforts, including recording details about measurement methods, frequencies, and measurement results.

Additionally, the CEO may establish other responsibilities and authorities as determined in Roles and Responsibilities.

To ensure these results, policy and procedure documents will be kept up to date and made available to relevant stakeholders.

This Information Security policy will be communicated to the employees of TopManage Panama and made available to stakeholders as determined by Senior Management.