Quality and Information Security Policy
SC Evotek Networks SRL has established, documented and implemented a Quality and Information Security Integrated Management System, in accordance with SR EN ISO 9001:2015 and SR EN ISO/IEC 27001:2018, which is described in the Integrated Management System Policy (ISMP).
By implementing the integrated management system, top management is committed to:
- Fulfil the requirements of clients, as well as of other involved parties
- Ensure the necessary infrastructure and work environment for the safe conduct of all the required processes
- Ensure the necessary resources for reaching the objectives
- Comply with current Laws and Regulations, which apply to all activities conducted inside the company
- Continuously improve work conditions and performance
- Continuously improve the efficiency of the quality and information security management system
Given its importance, information must be protected efficiently. Such protection of information and information systems enables SC Evotek Networks SRL to reach its objectives efficiently. Inadequate protection of information and information systems affects business performance and may have a negative impact on the company’s reputation, trust and image.
The principles set out in this policy document were developed by the members of the Security Team (ST) to ensure that all actions and decisions are made in a way that secures and preserves all information, confidentiality and information systems within SC Evotek Networks SRL, and that all information attributes (Confidentiality, Integrity and Availability) are well determined and processed.
Explicit use of computers and equipment within SC Evotek Networks SRL requires adherence to these principles and implies a monitoring process to confirm that all regulatory, statutory, contractual and legal standards are respected, with all personnel involved in understanding and implementing the information security policy and all the corresponding directives.
The documentation related to information security is available to all interested parties, on paper and online, and is periodically revised. Understanding and complying with the policies of the Quality and Information Security Management System is mandatory for all SC Evotek Networks SRL personnel and partner companies, taking into account the corresponding level of access and/or interest.
The major objective of the quality policy is to ensure the continuous increase in clients’ and other involved parties’ satisfaction.
The major objective of the information security policy is to ensure business continuity and minimize risks by preventing incidents and reducing their potential impact.
The general objectives concerning the quality and security of information are:
- Improving clients’ trust in all the services offered by SC Evotek Networks SRL
- Improving the quality of services by using high-performance technologies and equipment for production activities
- Constantly developing the professional skills of employees
- Identifying, analyzing and assessing information security risks
- Reducing the negative impact of potential informational risks affecting the company’s activities
- Obtaining the certification for implementing a Quality and Information Security Management System from an Accredited Certification Body
- Full compliance in applying information security requirements as requested by partners
- Improving all employees’ awareness of the importance of information security
- Constantly improving the Management System in Quality and Security of Information
- Providing the required resources for survival and recovery in case of emergency situations
- Providing efficient communication of security incidents, as well as appropriate measures in treating and reducing potential threats
To ensure that all the general objectives are reached, SC Evotek Networks SRL leadership has appointed a security structure (ST – Security Team) whose role, among others, is to check that all the processes in the Information Security Management Program are aligned with the specific business requirements, the company’s activities and the SR EN ISO/IEC 27001:2018 standard. Furthermore, SC Evotek Networks SRL leadership will ensure, through management analysis, that the Security Team has efficiently defined the risk assessment methodology, as well as the acceptance level for residual risks. SC Evotek Networks SRL leadership will also ensure, through management analysis, that informational risks have been correctly identified, analyzed and assessed, and that the options for treating them have also been correctly identified and implemented, according to planned timetables or whenever changes made to the management system make it necessary.
The selection and implementation of specific objectives for quality and information security and of risk reduction methods, as well as the operation and implementation of the Quality and Information Security Integrated Management System, are analyzed and approved by SC Evotek Networks SRL leadership.
Process-specific objectives are developed in accordance with the Quality and Information Security Management Program. To reach these objectives, the allocation of material, financial and human resources is required.
SC Evotek Networks SRL leadership ensures the fulfilment of Quality and Information Security Policy. The authority and the responsibility for establishing, implementing and maintaining the Quality and Information Security Integrated Management System are delegated to the Integrated Management System Representative (ISMR).
SC Evotek Networks SRL leadership will ensure, through ISMR, that the Integrated Management System Requirements are known, acquired and applied by the whole personnel.
SC Evotek Networks SRL top management has approved Declaratia de aplicabilitate - DA-01 (Statement of Applicability) in conformity with SR EN ISO 27001:2018 standard requirements.
The goal of the Security Policy is to protect the company’s assets against internal or external, deliberate or accidental threats.
The Security Policy states that:
- All information is protected against any unauthorized threat
- Information confidentiality will be ensured
- Information integrity will be maintained
- The availability of business information processes will be maintained
- All laws, regulations and legal, contractual, regulatory and statutory requirements will be respected
- Business Continuity Plans will be developed, implemented and maintained
- Training and Improvement will be a continuous activity for the whole personnel
- All actual and future threats will be adequately reported and investigated
All the specific procedures support policy implementation, including antivirus protection programs, password policy and business continuity plans.
Information and information system availability will be properly monitored.
ISMR will be responsible for implementing and maintaining the policy, as well as providing support for the whole personnel.
All the members of SC Evotek Networks SRL management and process owners are directly responsible for implementing and maintaining the security policy, as well as for ensuring that all personnel understand and comply with the security policies.
The quality and security policy takes into account all the legal, regulatory, statutory and contractual requirements within SC Evotek Networks SRL and is aligned with the context of risk management.
© All rights reserved SC Evotek Networks SRL PSIM-01 Ed.1 rev.0/01.09.2021