Quality and Information
Security Policy
Introduction
Attachment №3 to the ISMS Guidelines Quality management and information security is at the heart of the business of OPENINTEGRA AD. This Quality and Information Security Policy sets the framework for a system of measures that is aimed at:- Continuous improvement of the quality of products/services provided;
- Full satisfaction of customer and interested party needs and requirements;
- Ensuring CONFIDENTIALITY of information – applying a system of approved restrictions on access and disclosure of information;
- Ensuring the INTEGRITY of the information – by protecting against unauthorized modification or destruction of the information;
- Ensuring ACCESSIBILITY of information – by providing reliable and timely access to information;
- Achieving ACCOUNTABILITY of information - by introducing controls over access and rights to information systems.
This policy aims to:
- ensure compliance and business continuity;
- to minimise risks related to information quality and security causing loss or damage to the company, its customers, partners and other interested parties;
- minimise the extent of loss or damage caused by information security breaches;
- protect information from threats, whether internal or external, intentional or accidental;
- to provide the necessary resources for the operation of an effective management system;
- inform employees of their responsibilities and obligations with regard to information quality and security;
- to ensure the protection and privacy of information constituting personal data;
- Ensure compliance with regulatory and contractual requirements.
The Quality and Information Security Policy is disseminated to employees and interested parties in appropriate ways. It is regularly reviewed for adequacy and revised as necessary to take account of changing circumstances.
Any employee who believes that there is an abuse of this policy must notify the Security Supervisor.
Any employee found to have violated this policy shall be subject to disciplinary action.
The management of OPENINTEGRA AD undertakes responsibility for compliance with the principles set out in the Quality and Information Security Policy, as well as for its updating and improvement when necessary. This policy must be reviewed for adequacy during management’s reviews of the integrated information quality and security management system.