Information Security Policy
The aim of this top-level Policy is to define the purpose, direction, principles and basic rules for information security management.
This Policy is applied to the entire Information Security Management System (ISMS), as defined in the ISMS Scope Document.
Users of this document are all employees of the company, as well as relevant external parties.
Confidentiality – characteristic of the information by which it is available only to authorized persons or systems.
Integrity – characteristic of the information by which it is changed only by authorized persons or systems in an allowed way.
Availability – characteristic of the information by which it can be accessed by authorized persons when it is needed.
Information security – preservation of confidentiality, integrity and availability of information.
Information Security Management System – part of overall management processes that takes care of planning, implementing, maintaining, reviewing, and improving information security.
The general objectives for the information security management system are to create a better market image and reduce the damage caused by potential incidents. We have defined a set of measurable service and security objectives aligned to our strategy and risks, and these are documented within our Scope Document.
We will measure the fulfillment of all the objectives. The measurement will be performed at least once a year, and we will analyze and evaluate the measurement results and report them as input materials for the Management review.
This Policy and the entire ISMS are to be compliant with legal and regulatory requirements relevant to the organization in the field of information security, as well as with contractual obligations.
A detailed list of all our interested parties and our compliance obligations to them has been documented within our Scope Document.
The process of selecting the controls is defined in the Risk Assessment Process.
The selected controls and their implementation status are listed in the Statement of Applicability.
Business continuity management is prescribed in the Business Continuity Management Policy.
Responsibilities for the ISMS are the following:
The Information Security Officer must ensure that all employees of the company, as well as appropriate external parties, are familiar with this Policy. External party communication is done through the NDA process.
Senior Management ensures that ISMS implementation and continual improvement will be supported with adequate resources in order to achieve all objectives set in this Policy, as well as satisfy all identified requirements.
This document is valid as of March 12th, 2019.