Doing business in KING ICT requires a great deal of information exchange, both internally and externally with customers, partners and other interested parties. To maintain the continuity of our business, it is important to take measures for the protection of information assets from all threats – internal and external, intentional and accidental – to the confidentiality, integrity and availability of information.
Bearing this in mind, we commit ourselves to:
Invest in keeping information confidential, integral and available to all stakeholders according to their respective business needs.
Not allow any unauthorized access and misuse of information.
Focus on building relations and communication with stakeholders, understanding their needs and expectations related to our context.
Orchestrate our actions and decisions based on the results of periodic risk assessments.
Report any and all security issues and incidents to the information security authorities in a timely manner, so as to explore and analyse the causes and mitigate information security risks.
Measure our established goals and monitor the effectiveness of protective measures and the whole system to ensure an appropriate level of control and continual improvement.
Analyse and assess information security risks regularly at planned intervals.
Test, develop and maintain disaster recovery plans and procedures.
Information and systems make available.
Organize adequate and timely education and training on information security to maintain awareness and competence among employees and other stakeholders.
Name all the applicable security controls and apply them to ensure compliance with the legal, regulatory and contractual requirements, as well as other requirements we choose to follow.
To fulfil our obligations and ensure an adequate level of control and traceability needed to objectively make evident compliance with accepted processes, our policy is to maintain a functional and efficient information security management system implemented, maintained and improved in compliance with the ISO 27001 international standard.
The information security management system, including accepted and approved policy with related documents, is published on the company intranet accessible by all employees.
Rev. 1, 2014-06-04
President of the Management Board