Information Security Policy
Introduction:
„Chronika” OOD is a company providing services related to the commercial and confidential information of clients as well as the personal data of their employees. „Chronika” OOD sets out to be a reliable partner for its clients. Building mutual trust is of high importance for the development of the company. In addition to its employees, knowledge and information security are among Chronika’s most valuable assets.
The current information security policy sets the framework for a system of measures which aims to:
• Safeguard the confidentiality of information (corporate and clients’) by applying approved limitations on access to and disclosure of information;
• Make provision for the integrity of information by protecting against unauthorized amendment or destruction of information;
• Make provision for the accessibility of information by ensuring reliable and prompt access to it;
• Achieve information accountability by establishing control over access to, and rights over, the information resources.
The Management considers it a priority to establish and apply an Information Security Management System (ISMS), and takes full responsibility for doing so, in order to achieve the aims of the company and provide a high level of security to the company’s clients and partners.
Purpose:
The purpose of the information security policies is:
• To determine the necessary requirements for protection of the information assets of „Chronika” OOD by providing a balance of efficiency, rationality and adequacy of the security level;
• To provide continuity of the business processes;
• To minimize the information security risks that cause losses or damage to „Chronika” OOD, its clients, partners and other concerned parties;
• To minimize the level of losses and damage caused by breaches of information security;
• To ensure conformity with regulatory and professional requirements for confidentiality;
• To protect data and the inviolability of personal information;
• To protect commercial information and the intellectual property rights (know-how) of clients and the organization.
Basic criteria:
Confidentiality: Business information has to be protected from unauthorized access.
Integrity: The integrity and accuracy of business information have to be preserved during its storage and exchange.
Availability/Accessibility: Business information has to be accessible and available to authorized users at all times when necessary.
Scope:
The security policy is applied with respect to:
• Information in all possible forms, including electronic and paper, and the process of exchanging this business information.
• All computer systems, stand-alone and/or connected through a network, which are possessed by „Chronika” OOD or serviced by third parties on behalf of „Chronika” OOD, including all premises in which information systems are stored and serviced.
• All computer operating systems and application software used by „Chronika” OOD, regardless of their origin.
• All staff members of „Chronika” OOD, trainees, consultants on temporary projects, or third parties.
Review and application:
• The information security policy is regularly reviewed based on a set process. The information security policy is revised to take changing circumstances into account.
• Each staff member who considers that the current policy is being abused in the organization must notify the Managing Partner and the System Administrator.
• Each staff member who is deemed to have violated this policy will be subject to disciplinary action.
• The personnel of „Chronika” OOD are obliged to follow all rules related to information security described in the procedures, instructions and other documents of the ISMS.
• The Management of „Chronika” OOD declares its full commitment to the processes of development, maintenance and improvement of the ISMS.