Information security policy
The company information security policy defines the basic strategy and principles of the information security management system (ISMS) in accordance with ČSN ISO/IEC 27001. It lays down the basic security rules for the operation, use and maintenance of information and communication technologies in order to ensure the required availability and protection of information and to minimise the damage resulting from potential security incidents.
Main principles for work with information and information security
- Ensure adequate protection of personal data in accordance with applicable legislation.
- Develop and promote a system of controlled access to information.
- Incorporate information security into job responsibilities.
- Ensure systematic training and improvement of employee qualification in the field of information security.
- Continuously identify security incidents and take effective measures to improve information security.
- Develop a set of continuity measures to deal with a major information failure, and regularly test and validate these measures.
- Secure the information systems, Internet access, electronic mail and other means of exchanging information that are accessible to the public.
- Secure the system of physical access to the premises to reduce threats to information assets.
- Enforce a secure workplace policy: clear desks, clear screens and emptied waste bins.
- Enforce security rules for portable computing devices and other information carriers.
- Provide reliable protection of the entire internal network against malicious software.
- Maintain, protect and develop information assets, reliably back up information systems.
- Regularly monitor and evaluate security risks and incidents.
- Comply with the requirements arising from contractual obligations and generally binding legislation.
- Ensure timely availability of information; the required availability time for critical information shall be determined according to its importance.
- Prevent unauthorised modification of information.
- Prevent misuse or loss of information. Responsibilities and protective measures for access to information, and to the premises where information assets are stored, shall be defined.
- Violations of the information security policy by employees and contractors are treated as security incidents and shall be addressed accordingly.
- The causes of policy violations shall be analysed and effective corrective actions taken so that lessons are learned from these incidents.
- Any employee who has been granted access to information assets for the purpose of carrying out their work activity assumes responsibility for the safe handling of these assets and for the protection of information within their competences.
- The information security policy and related documentation apply to all employees with access to information, regardless of their position, job title or role in the company. In accordance with the applicable legislation and regulations, all employees bear their share of responsibility for compliance with, or breach of, the rules with which they have been made familiar. All employees are required to respond to, and report in the prescribed manner, any defects, malfunctions and security incidents that occur, in accordance with the applicable policies and guidelines.
In accordance with the requirements of ISO/IEC 27001, the company's management has adopted this Information security policy as its commitment. The management's intention is to support the goals and principles of information security.
Ing. Hynek Brázda, Management representative of ISMS
Ing. Aleš Mikula, MBA, CEO