The nature of the business of Fleksbit d.o.o. requires the exchange of information both internally and with external customers, partners and other business stakeholders. To maintain the continuity of our business, it is important to take measures to protect information assets from all threats, internal and external, intentional or accidental, confidentiality threats, integrity and availability of information. With this in mind, the management of Fleksbit d.o.o. formulates the principles of information security policy:
- ensure the confidentiality of information and protect it from unauthorized access and misuse,
- maintain the integrity of information to ensure its lasting accuracy and applicability,
- make information and information systems available to stakeholders in accordance with business needs,
- build relationships and maintain communication with business stakeholders with an understanding of our own context and the needs and expectations of stakeholders,
- regularly carry out the identification, analysis and assessment of information security risks in the planned periods
- base decisions and actions on the results of regular information security risk assessment,
- ensure employee awareness and ability for information security through education and training
- ensure compliance with legal, regulatory and contractual requirements, as well as other information security requirements that we have undertaken to comply with through the applied information security measures
- ensure adequate control and continuous improvement through measurable goals and monitoring of system performance and applied information security measures
- report information security threats in a timely manner to the persons competent for information security management,
- investigate and analyse security incidents and initiate appropriate actions to eliminate the causes of threats and reduce risks,
- develop, maintain and test plans for recovery from the consequences of security incidents and keep business continuity.
In order to meet these obligations and ensure the appropriate level of control necessary to demonstrate compliance with the adopted processes, our policy is to maintain a functional and effective information security management system that is established, maintained and improved in accordance with the requirements of the international standard ISO 27001.
The manager of FLEKSBIT Ltd. is responsible for communicating the Information Security Policy to all persons working for or on behalf of FLEKSBIT d.o.o. and making it available to relevant stakeholders.