Information Security Policy (ISMS) of Software Competitiveness International (SoftCom International)

The management of SoftCom International is committed to preserving the confidentiality, integrity and availability of all physical and electronic information assets throughout the organization in order to preserve its competitive edge, its legal, regulatory and contractual compliance, and its commercial image.

Information and information security requirements will continue to be aligned with SoftCom International's goals, and the ISMS is intended to be an enabling mechanism for information sharing, for electronic operations, and for reducing information-related risks to acceptable levels.

SoftCom International's current strategic business plan and risk management framework provide the context for identifying, assessing, evaluating and controlling information-related risks through the establishment and maintenance of the ISMS. The Risk Assessment, the Statement of Applicability and the Risk Treatment Plan identify how information-related risks are controlled. The CISO is responsible for the management and maintenance of the Risk Treatment Plan. Additional risk assessments may, where necessary, be carried out to determine appropriate controls for specific risks.

This means that management, full-time and part-time employees/staff, subcontractors, assignees, project consultants and any external parties are made aware, and are kept aware on a continuing basis, of their responsibilities (which are defined in their job descriptions or contracts) to preserve information security, to report security breaches (in line with the applicable policy and procedures) and to act in accordance with the requirements of the ISMS. The consequences of security policy violations are described in the organization's disciplinary policy (part of the employee contract). All employees/staff receive information security awareness training, and employees/staff in more specialized roles receive appropriately specialized information security training. In this policy, 'information security' is defined as preserving:

  • Availability. This means that information and associated assets should be accessible to authorized users, where and when required, and therefore physically secure. The computer network must be resilient and the organization must be able to detect and respond rapidly to incidents (such as viruses and other malware) that threaten the continued availability of assets, systems and information. There must be appropriate business continuity plans.
  • Confidentiality. This involves ensuring that information is only accessible to those authorized to access it and therefore to preventing both deliberate and accidental unauthorized access to the organization’s information (and proprietary knowledge) and its systems (including its network(s), website(s) and extranet(s)).
  • Integrity. This involves safeguarding the accuracy and completeness of information and processing methods, and therefore requires preventing deliberate or accidental, partial or complete, destruction or unauthorized modification of either physical assets or electronic data. Appropriate contingency plans (covering the network(s), website(s) and extranet(s)), data backup plans and security incident reporting procedures are in place.

The organization complies with all relevant data-related legislation in the jurisdictions within which it operates. The ISMS covers the following:

  • Physical assets. The physical assets of the organization including, but not limited to, computer hardware, networking devices, data cabling, telephone systems and physical data files.
  • Information assets. The information assets include information printed or written on paper, transmitted by post, or spoken in conversation, as well as information stored electronically on servers, website(s), extranet(s), intranet(s), PCs, laptops, mobile phones and PDAs, as well as on CD ROMs, USB sticks, backup tapes and any other digital or magnetic media, and information transmitted electronically by any means. In this context, ‘data’ also includes the sets of instructions that tell the system(s) how to manipulate information (i.e. the software: operating systems, applications, utilities, etc.).
  • The organization. The organization itself and the partners that are part of our integrated network, have signed up to our security policy and have accepted our ISMS.

It is the policy of our company to ensure the following objectives:

  • Information is only accessible to authorized persons from within or outside the company.
  • Confidentiality of information is maintained.
  • Integrity of information is maintained throughout the process.
  • Business continuity plans are established, maintained, and tested.
  • All personnel are trained on information security and are informed that compliance with the policy is mandatory.
  • All breaches of information security and suspected weaknesses are reported and investigated.
  • Procedures exist to support the policy, including virus control measures, passwords, and continuity plans.
  • Business requirements for availability of information and systems will be met.
  • The CISO is responsible for maintaining the policy and providing support and advice during its implementation.
  • All managers and team heads («SPOCs»: single points of contact), the administration personnel of the company (business administration, IT and system administration) and those responsible for the central functions (QM, CISO, internal auditors) are directly responsible for implementing the policy and ensuring staff compliance in their respective functions.
  • The use and management of personal data in our company is governed by the applicable law and is limited to the specific purpose for which the data is intended. Our company upholds the rights of data subjects under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

Because the needs of our business change, we recognize that our management system must be continually changed and improved to meet our needs. To this effect, we are continually setting new objectives and regularly reviewing our processes.

This policy has been approved by the SoftCom International CEO and shall be reviewed by the management review team annually.

 

Chief Executive Officer at SoftCom International 

Dr. Zoi Ekaterinidi

November 2018
