Security Policy

Protection of paper information has long-term tradition which lasts for centuries. Rapid growth of work with digital information has fundamentally changed security risk. On one hand, modern information technologies increas efficiency, but on the other hand they also increase the probability that highly important and sensitive information will get into wrong hands or simply disappear when a malfunction or an accident occurs.

The cornerstone of managing hazards associated with intensive usage of today's most valuable resource – information – is identification of clear principles and conditions for their safe and effective use.

The security policy is just the right fundament defining the organizational, personnel and technology action rules for the safety of assets, in particular – information.

Objectives

• Ensuring confidentiality – assets protection against unauthorized disclosure

• Ensuring integrity – assets protection against unauthorized or random variations, made to ensure accuracy and completeness of enterprise assets

• Ensuring availability – assets must be available whenever it is required in accordance with business goals

• Ensuring non-repundation – ensuring clear identification of the originator of executed transactions or identification of members of communication

• Work with information must also be in accordance with the applicable laws of the Czech Republic and with contractual obligations which a company have towards its contractors

Benefits

• Uniform method of handling information – reducing corporation vulnerability to random incidents

• Rapid recovery from an incident – when an incident occurs, alternative solutions are prepared for an immediate use

• Learning from errors – according to known procedures, you can identify the causes of the problem very quickly and then take effective measures

Framework

• Czech legislation

• internationally recognized standards of ISO/IEC 27001, 27002, 27005