Information Security Policy

 

The protection of information and their processing systems is of strategic importance to V + O Group in order to achieve its short-term and long-term goals and, at the same time, to ensure the confidentiality of customer data and information on and of clients receiving its services.

 

Recognizing the criticality of information and information systems in performing its operational functions, V + O Group implements an Information Security Policy aimed at:

 

• ensuring the confidentiality, integrity and availability of the information it manages
• ensuring the proper functioning of information systems
• timely handling of incidents that may endanger the operational functions of the Group companies
• meeting the legislative and regulatory requirements
• the continuous improvement of Information Security.

 

For this purpose:

• The organizational structures needed to monitor information security issues are defined.
• Technical measures to control and restrict access to information and information systems are being taken.
• The ways and procedures in which the information is to be classified according to its importance and value is defined.
• The necessary steps to protect information during the processing, storage and handling of information are described
• Ways and methods of informing and training the Group's employees and associates on information security issues are defined.
• Ways to deal with Information Security incidents are identified.
• The ways to ensure the safe business operations of the Group's in the event of information systems malfunction or disaster are described.

 

The V + O Group conducts regular information security risk assessments and takes the necessary measures to address any potential risk. It applies a framework for evaluating the effectiveness of Information Security processes, through which performance indicators are defined, their measurement methodology is described, and periodic reports are produced and then reviewed by Management in order to continuously improve the system.

 

The Information Security Officer is responsible for checking and monitoring information security policies and procedures, as well as for taking the necessary initiatives to eliminate all the factors that may endanger the availability, integrity and confidentiality of information of the Group.

 

All employees and associates with access to the Group's information and information systems have the responsibility to comply with the rules of currently applied Information Security Policy.

 

The V + O Group is committed to continuously monitoring and observing the regulatory and legislative framework and to continuously implementing and improving the effectiveness of the Information Security Management System.

 

Chief Executive Officer