INFORMATION SECURITY POLICY
Information Security Policy (Management Commitment)
Leadership and commitment
By following the ISO/IEC 27001 international standards in security compliance, Corporater Romania Management takes the commitment to monitor, review, continuously maintain and improve the effectiveness of information security management system.
Management of Corporater Romania will lead the process of setting and achieving the information security policies and objectives which are established and are compatible with the strategic direction of the organization. The implemented policies will meet and satisfy all requirements from legal and regulatory perspectives. Also, the company will educate, train and raise awareness of its staff in the implemented information security system.
Management of Corporater Romania shall ensure that the responsibilities and authorities for roles relevant to information security are assigned and communicated. The definition of roles will ensure conformity of security management to the requirements of ISO/IEC 27001 and ISO/IEC 27017 and the reporting of security incidents to management.
All objectives, targets and principles of action regarding information security within Corporater Romania will be established and analyzed, with this Declaration Commitment as starting point. The content of this document will be reviewed annually to ensure its continuous suitability, compatibility and efficiency.
Risk assessment and mitigation
The Corporater Romania Management team shall establish acceptable levels of risks and criteria for handling risks , as well as set the objectives and security measures to be implemented by the organization to fulfil the requirements identified in the process of risk assessment.
All employees shall be continuously informed and follow the compliance management system documents on information security, compliance with laws and regulations applicable to the IT industry.
Management of Corporater Romania shall identify all the discontinuities that may occur in the organization, protect the critical business processes from the effects of major failures or disasters and ensure their restart in due time.
Management commitment to the ISO/IEC 27001 and ISO 27017 will be publicized at all levels and will be communicated to each employee and relevant third parties to ensure knowledge and understanding of security objectives, legal responsibilities and the organization’s commitment to maintain and continuously improve the effectiveness of the information security management.
Performance evaluation and continuous improvement
At planned intervals of no longer than one year, the Management of Corporater Romania will participate in, facilitate and ensure the participation of the employees in order to maintain, evaluate the effectiveness of and continually improve the information security system to meet the requirements from both the organization and international standards.
Corporater Romania will be audited once a year for ISO/IEC 27001 compliance by an accredited third party certification body. Through certification, application of the best practices for the planning, installation, configuration, use and maintenance of the implemented information security management system is ensured.
CORPORATER PERFORMANCE MANAGEMENT SRL
STREET MATEI BASARAB 20-A | DISTRICT 3 | BUCHAREST