The Management of ENERGOSERVICE AD, represented by the Executive Director issues the Information Security Policy of ENERGOSERVICE AD as a formal statement.
The Policy has been documented, communicated and understood by all employees having access to the information systems of ENERGOSERVICE AD and dealing with information provided by the company.
The Policy has been approved by the Executive Director and is implemented throughout the organization.
The Information Security Committee (ISC) enforces the Information Security Policy.
The present Information Security Policy provides the framework for a system of measures, designed to:
- Guarantee the confidentiality of the information through the implementation of approved measures to prevent unauthorized access to information and unauthorized information disclosure;
- Ensure the integrity of information through measures providing protection against unauthorized manipulation of information or against destruction of information;
- Ensure the availability of information by securing reliable and timely access to information;
- Ensure the accountability for information through implementing measures to control the access to information resources and by regulating the rights and privileges associated with information resources.
The Information Security Management System (ISMS) applies to all company activities, including but not limited to: Project management, engineering activities and services associated with digital and analogue measuring and control instruments and systems for steam power generation, hydro power generation and nuclear power generation facilities as well as supply and commissioning of ionizing radiation detection and measuring equipment and associated warranty and post-warranty servicing.
Goals of the Information Security Policy:
- To ensure business process continuity;
- To minimize information security risks which can lead to losses or damages to ENERGOSERVICE AD, its clients, partners and other stakeholders;
- To mitigate losses and damages resulting from information security breaches;
- To ensure resources are available to maintain an efficient ISMS;
- To provide information to employees regarding their roles and responsibilities in connection with information security.
This information security policy has been communicated to third parties having access to the to the information systems of ENERGOSERVICE AD and information provided by the company.
The information security policy is subject to regular review following a predefined procedure.
The Information security policy is amended as necessary in order to reflect any change in circumstances.
Each employee who believes that the present policy is being violated must notify the ISMS Coordinator.
Every employee who violates this Information Security Policy will be subjected to disciplinary action.
ENERGOSERVICE AD staff, company suppliers and contractors and third party users must adhere to all information security rules as outlined in procedures, instructions and other applicable ISMS documents.
The Management of ENERGOSERVICE AD fully participates in all processes related to the development, maintenance and improvement of the ISMS.