Basic Information Security Policy
Published: 2nd January 2023
Effective from: 2nd January 2023
Kindred s.r.o. sets the basic security rules for handling information and for the operation, use, and maintenance of information and communication technologies, with the aim of ensuring the required availability, confidentiality, and integrity of information and minimizing damage caused by security events and incidents. The protection of cloud computing services and the protection of customer data must be ensured.
Every employee of the organization who has access to the company's information and information resources assumes responsibility for the safe handling of these resources and for the protection of information, and bears, according to valid legislation and regulations, his share of responsibility for compliance with, or violation of, the rules of which he was made aware.
The main principles of working with information and how to secure it:
- ensure controlled access to information according to the need-to-know principle,
- ensure systematic training and improvement of the qualifications of workers in the field of information security,
- perform constant identification of security events and incidents and take effective measures to improve information security; each employee is obliged to respond to security events and draw attention to them,
- ensure a secure system of physical access to the premises to reduce the risk to information,
- enforce a safe workplace policy: clean desks, empty screens, and empty trash cans,
- enforce security rules for portable computer devices and other information carriers,
- ensure reliable control of the entire internal network against the effects of malicious software,
- maintain, protect and develop information assets, reliably back up information systems,
- safely dispose of storage media,
- regularly monitor and evaluate security risks and take effective measures to reduce them,
- ensure the requirements arising from contractual obligations and generally binding legal regulations,
- manage and secure the activities of suppliers and subcontractors who have access to the company's information assets,
- ensure the timely availability of information: the period of critical availability of information must be determined according to its importance, together with measures to maintain the continuity of operations in the event of a serious failure in the area of information; these measures must be regularly tested and verified,
- ensure adequate protection of personal data according to applicable legislation,
- prevent unwanted modification of information.
Consequences of breaching the information policy
- Violations of this Information Security Policy by employees and contractors are viewed as a security event/incident that affects information security and must be addressed accordingly,
- the causes of breaches must be analysed and effective action taken to learn from these events.