The information assets we handle, such as data relating to our business partners and clients, are vital for our business. We take measures to maintain the security of our information assets, including their confidentiality, integrity and availability. We ensure that management and employees are aware of the importance of protecting information assets from the risk of leakage, corruption and loss, and that company members handling information assets adhere to our information security policy. The key elements of this policy are outlined below.
1. Information security policy
In order to protect information assets, we carry out operations in accordance with an established information security policy. We adhere to our contractual obligations and conform to all laws, rules and industry standard practices relating to information security.
2. Risk assessment
We have established a systematic risk assessment methodology with clear criteria for analyzing and evaluating existing risks to information assets (leakage, corruption, loss etc.). Such risk assessments are carried out periodically and, based on the results, necessary security counter-measures are implemented.
3. Information security organization
A management-led information security organization has been established in which authority and responsibilities are clearly defined. Periodical training and education are carried out to ensure all company members handle information assets in an appropriate manner and maintain a high awareness of the importance of information security.
4. Audits and improvements
Checks and audits performed by third parties are periodically carried out to assess adherence to the security policy and handling of information assets. Any discovered deficits or areas for improvement are quickly addressed.
5. Incident handling
Appropriate measures are in place to deal with information security-related incidents, including pre-established protocols to minimize any potential damage. Any incidents that occur are addressed promptly and corrective actions devised as appropriate. For incidents that may disrupt company operations, a management framework has been established and is periodically reviewed in order to ensure business continuity.
6. Management system
In order to realize effective information security in line with the foregoing, an information security management system (ISMS) based on ISO/IEC 27001 has been established. This system is in continuous operation and is reviewed and improved on an ongoing basis.
Enacted: 21st November 2018
Latest revision: 8th April 2019