The Company is committed to complying with the Information Security Management System, acknowledging that the active participation and knowledge, of both the information security management system and the philosophy of its implementation, is a prerequisite for achieving the objective of the Company, in the context of the current legislation and the needs of its operation in the industry in which it operates.
To ensure a level of security proportional to the criticality and confidentiality of the information, but also to maximize the credibility of the Company’s information, the Management:
· Has created a special position, i.e. Information Security Manager (ISM), who is responsible for maintaining and improving the information security system and reports directly to the Management.
· Has taken into account all the regulatory and legal requirements of the country, as well as requirements arising from signed contracts with clients of the Company.
· Has approved and applies a specific methodology of recording, estimating and dealing with risks
· Has decided what will be the field in which the system will be applied
· Has prepared and approved a business continuity plan
· Has trained all people involved
· Has approved at regular intervals the level of residual risk
Based on the above, the Company’s Management is committed to:
· Adhering strictly to and prioritizing the security practices in its daily activity and communicating the importance of the essential application of an effective security system by all staff
· Encouraging training and constantly pursuing that all staff members know their obligations arising from the implementation of policies and procedures that govern the system and organization of the security system
· Selecting suppliers and partners in relation to the level of security and quality of their services provided
· Providing the necessary resources in supporting the system on the basis of achieving the objectives it seeks and expects
· Controlling the achievement of these fundamental principles that are its main strategy, to examine the results of the internal security inspections and to participating in its systematic and in -depth review.
For the Company, information security is not only about regulatory compliance, but also a key strategic tool regarding the confidence from customers and a competitive advantage at a time when the largest part of the information is in electronic form.
This Information Security Policy is published, notified to and applied by all staff.