Terms and Conditions
INFORMATION SECURITY AND DATA PROTECTION POLICY
E-ON INTEGRATION
Version 1.0. 1/7/2020
Our Company is committed to the effective operation and continuous improvement of the Information Security and Privacy Management System in order to protect Confidentiality, Integrity and Availability according to the requirements of:
- The ISO 27001:2013 Information Security Management System
- The ISO 27701:2019 Privacy Information Management System
- All applicable National, European and International Legislation
In view of the above:
- Our company continuously designs, implements and improves Policies, Procedures, Technical and Organizational Measures regarding Information Security and Privacy
- Provides training and awareness programs to employees and third parties involved in the operation of its Management Systems
- Sets objectives and relevant KPIs to measure the effectiveness of Management Systems
- Provides the resources required to achieve the objectives it sets
- Ensures that this policy is published on the website.
Specifically:
The goal of E-ON INTEGRATION’s Information Security Policy is to protect the Confidentiality, Integrity, and Availability of the data employed within our company while providing value to the way we conduct business. It applies to all users and all information under our company’s authority. Confidentiality, Integrity, and Availability are basic principles of information security and can be defined as:
- Confidentiality – Ensuring that information is accessible only to those persons that are authorized to have access.
- Integrity – Protecting the accuracy and completeness of information and the methods that are used to process and manage it.
- Availability – Ensuring that information assets (information, systems, facilities, networks, and computers) are accessible and usable when required by an authorized person.
E-ON INTEGRATION recognizes that our business information is a critical asset and as such our ability to manage, control, and protect this asset has a direct and significant impact on our future success.
This document establishes the framework on which our information security management is conducted in order to ensure that we can efficiently and effectively manage, control and protect our business information assets and those information assets entrusted to E-ON INTEGRATION by its stakeholders, partners, customers and other third parties.
Purpose
The purpose of the E-ON INTEGRATION Information Security Policy is to describe the actions and behaviors required to ensure that due care is taken to avoid inappropriate risks to E-ON INTEGRATION, its business partners, its stakeholders and its customers or other third parties.
To whom does it apply
E-ON INTEGRATION’s Information Security Policy applies equally to any individual, entity, or process that interacts with any E-ON INTEGRATION Information Resource.
Responsibilities
At E-ON INTEGRATION there are day-to-day controls of the processes and personnel by both the management team and the executive management, who actively participate in the daily operations of the company. Concerning the Confidentiality, Integrity and Availability of all kinds of Information, every person in the company, regardless of rank and position, has their own participation and role based on clearly defined specific policies. There are also special clauses included in their contracts.
Executive Management (BoD)
- Ensures that an appropriate risk-based Information Security Management System is implemented to protect the confidentiality, integrity, and availability of all Information Resources collected or maintained by or on behalf of E-ON INTEGRATION.
- Ensures that information security processes are integrated with strategic and operational planning processes to secure the organization’s mission.
- Ensures that the Management Team is given the necessary authority to secure the Information Resources under their control within the scope of E-ON INTEGRATION’s Information Security Management System.
- Designates an Information Security Officer and delegates authority to that individual to ensure compliance with applicable information security requirements.
- Ensures that the Information Security Officer, in coordination with the Management Team, reports to the BoD whenever required on the effectiveness of E-ON INTEGRATION’s Information Security Management System or on any new requirements.
Information Security Officer (Member of the BoD)
- Manages, with the help of the Management Team, compliance with all relevant statutory, regulatory, and contractual requirements.
- Assesses, after recommendations of the Management Team, the risks to the confidentiality, integrity, and availability of all Information Resources collected or maintained by or on behalf of E-ON INTEGRATION.
- Facilitates development and adoption of supporting policies, procedures, standards, and guidelines for providing adequate information security and continuity of operations.
- Ensures that E-ON INTEGRATION has trained all personnel to support compliance with information security policies, processes, standards, and guidelines.
- Ensures that appropriate information security awareness training is provided to company personnel, including any contractors.
- Implements and maintains a process for planning, implementing, evaluating, and documenting remedial action to address any deficiencies in the information security policies, procedures, and practices of E-ON INTEGRATION.
- Develops and implements procedures for testing and evaluating the effectiveness of the E-ON INTEGRATION Information Security Program in accordance with stated objectives.
- Develops and implements a process for evaluating risks related to vendors and managing vendor relationships.
Management Team (Senior Managers)
- Ensures compliance with applicable information security requirements.
- Formulates, reviews and recommends information security policies.
- Approves supporting procedures, standards, and guidelines related to information security.
- Assesses the adequacy and effectiveness of the information security policies and coordinates the implementation of information security controls.
- Identifies and recommends how to handle non-compliance.
- Provides clear direction and visible management support for information security initiatives.
- Promotes information security education, training, and awareness throughout E-ON INTEGRATION, and initiates plans to maintain information security awareness.
- Educates their teams and staff on ongoing legal, regulatory and compliance changes as well as industry news and trends.
- Identifies significant threat changes and vulnerabilities.
- Evaluates information received from monitoring processes.
- Reviews information security incident information and recommends follow-up actions.
- Reports to the Information Security Officer on the effectiveness of E-ON INTEGRATION’s Information Security Management System, including progress of remedial actions.
All Employees, Contractors, and Other Third-Party Personnel
- Understand their responsibilities for complying with E-ON INTEGRATION’s Information Security Management System.
- Formally sign and agree to abide by all applicable policies, standards, and guidelines that have been established.
- Use E-ON INTEGRATION’s Information Resources in compliance with all E-ON INTEGRATION Information Security Policies.
- Seek guidance from the Senior Managers for questions or issues related to information security.
Policy
- E-ON INTEGRATION maintains and communicates an Information Security Policy consisting of topic-specific policies, standards, procedures and guidelines that:
  - Serve to protect the Confidentiality, Integrity, and Availability of the Information Resources maintained within our company using administrative, physical and technical controls.
  - Provide value to the way we conduct business and support institutional objectives.
- Our information security policy helps everyone to understand the value of the security measures, as well as the direction needed to adhere to the rules. It also articulates the strategies in place and steps to be taken to reduce vulnerability, monitor for incidents, and address security threats.
- The information security policy in its entirety is reviewed no less than annually or upon significant changes to the information security environment.
Enforcement
Personnel found to have violated this policy may be subject to disciplinary action, up to and including termination of employment, and related civil or criminal penalties.
Any vendor, consultant, or contractor found to have violated this policy may be subject to sanctions up to and including removal of access rights, termination of contract(s), and related civil or criminal penalties.
This update and all documents related to it are periodically reviewed and revised, where necessary, by the Data Protection Officer in accordance with the Data Protection Policy.