Skip to content


ISO/IEC 27001

Information security objectives:

  • Ensure continuity of the companies’ operations;
  • Reduce information-related risks by preventing information security incidents or reducing potential damage caused by them.

Tasks and lines of activities in the information security area:

  • Ensure that security of the information created, processed and stored is in the focus of attention;

  • Protect the companies‘ information assets from internal/external threats, deliberate or accidental harmful acts and other threats;
  • Enable the employees to safely exchange and process information;
  • Make a risk assessment in relation of information assets according to an approved risk assessment methodology;
  • Select appropriate risk management measures to reduce the risks identified;
  • Comply with legal and contractual requirements;
  • Consistently improve qualifications of staff on all levels and increase awareness in the information security area;
  • Report all actual or probable information security incidents to the company‘s management and ensure full investigation thereof;
  • Draw up, maintain and manage the companies‘ operational continuity plans;
  • Ensure consistent improvement of the information security management system according to ISO/IEC 27001:2013.

To fulfil these objectives and tasks, the Group‘s companies have implemented, maintain and
constantly improve the information security management system complying with ISO/IEC 27001.

The Information Security Management Policy was formulated and approved by the companies‘
management for compliance purposes.