MENIU > QUALITY > ISO/IEC 27001
ISO/IEC 27001
Information security objectives:
- Ensure continuity of the companies’ operations;
- Reduce information-related risks by preventing information security incidents or reducing potential damage caused by them.
Tasks and lines of activities in the information security area:
Ensure that security of the information created, processed and stored is in the focus of attention;
- Protect the companies‘ information assets from internal/external threats, deliberate or accidental harmful acts and other threats;
- Enable the employees to safely exchange and process information;
- Make a risk assessment in relation of information assets according to an approved risk assessment methodology;
- Select appropriate risk management measures to reduce the risks identified;
- Comply with legal and contractual requirements;
- Consistently improve qualifications of staff on all levels and increase awareness in the information security area;
- Report all actual or probable information security incidents to the company‘s management and ensure full investigation thereof;
- Draw up, maintain and manage the companies‘ operational continuity plans;
- Ensure consistent improvement of the information security management system according to ISO/IEC 27001:2013.
To fulfil these objectives and tasks, the Group‘s companies have implemented, maintain and
constantly improve the information security management system complying with ISO/IEC 27001.
The Information Security Management Policy was formulated and approved by the companies‘
management for compliance purposes.