Information Security Management Policy

The company considers the security of information and data it manages, in the framework of services provided to its clients, of strategic importance. Recognising the importance of information and information systems in the execution of its business operations, the company’s Administration supports and promotes actions to ensure secure system operation. For this reason, the company has developed and implements an Information Security Policy, aimed at:

  • Ensuring compliance with legal and regulatory requirements to which its operation must conform.
  • Ensuring the confidentiality, availability and integrity of the information it manages.
  • Protecting the data of clients, employees and any other related third party.
  • Immediately addressing any Information Security breach incidents.

In this context:

  • Technical measures to control and restrict access to information and information systems are specified.
  • The process to classify information depending on its importance and value is defined.
  • The process for access of information systems by users and for the classification of their rights is defined.
  • The necessary actions for the protection of information during processing, storage and transfer are described.
  • Archives and backup copies are kept.
  • The capability for protection of personal data throughout the use of any internal tool or any service provided by a third party, is ensured by the company.
  • The methods for the update and training of Company employees and associates regarding Information Security are defined.
  • The ways to address Information Security incidents are specified.
  • The processes through which it is ensured that the company’s business operations will continue in a secure and uninterrupted manner in the event of an information system malfunction or failure are described.

The company has developed a plan for the assessment of risks related to the security of personal data and information, which is monitored on a regular basis and updated depending on the conditions prevailing at any given time. The validity of this plan is confirmed on an annual basis to ensure that adequate information security actions are taken and, if this is not the case, to decide on further actions. However, if conditions change and/or in the event of a security incident, the company’s Management shall exceptionally review and update the plan.

The company is committed to comply with the existing legal and regulatory provisions regarding information security and continuously improve the Information Security Management System.

Version: 1 October 2020