The protection of information and its processing systems is of strategic importance to us in order to achieve our short-term and long-term goals and at the same time, to ensure the privacy of our customers’ lives.
Recognizing the criticality of information and information systems in the execution of its operational functions, we implement an Information Security Policy with the aim of:
√ ensuring the confidentiality, integrity and availability of the information we manage.
√ ensuring the proper functioning of information systems.
√ the timely response to incidents that may jeopardize our business operations.
√ meeting the legislative and regulatory requirements.
√ the continuous improvement of the level of Information Security.
For that reason:
√ we define the organizational structures necessary to monitor issues related to Information Security.
√ we define the technical measures to control and restrict access to information and information systems.
√ the way the information is classified according to its importance and value is determined.
√ the necessary actions for the protection of information during the stages of their processing, storage and distribution are described.
√ the ways of informing and training our employees and partners in matters of Information Security are defined.
√ the ways of dealing with Information Security incidents are identified.
√ the ways in which the safe continuity of our business operations is ensured in cases of malfunction of information systems or in cases of disasters.
We conduct assessments of the risks associated with Information Security at regular intervals and take the necessary measures to address them. We apply a framework for evaluating the effectiveness of Information Security procedures through which performance indicators are defined, their measurement methodology is described, and periodic reports are produced which are reviewed by the Management in order to continuously improve the system.
The Information Security Officer has the responsibility to control and monitor the policies and procedures related to Information Security and to take the necessary initiatives to eliminate all those factors that may jeopardize the availability, integrity and confidentiality of our information.
Our employees and partners with access to information and information systems of the company, are responsible for complying with the rules of the applicable Information Security Policy.
We are committed to the continuous monitoring and compliance with the regulatory and legislative framework and to the continuous implementation and improvement of the efficiency of the Quality Management System and Information Security.