ORFIUM has adopted the Information Security Policy and is committed to the effective implementation and provision of resources for the improvement of the Information Security Management System (ISMS)
- The Information Security Policy aims to ensure:
- Continuous protection of information against unauthorized access.
- The confidentiality of ORFIUM information, clients and partners.
- The integrity of ORFIUM information, clients and partners.
- The availability of information and business transactions.
- Compliance with the legislative and regulatory requirements concerning ORFIUM.
- The maintenance of an effective Business Continuity Plan.
- The adequate training of the ORFIUM employees in information security issues.
- The identification and investigation of potential information security breaches are reported to the Information Security Officer and are thoroughly investigated and dealt with in time and effectively.
- Appropriate procedures and individual security policies are in place to support the policy, including technical and organizational measures of protection.
- Compliance with the legislation and requirements of ISO 27001:2022 is ensured and with the ongoing monitoring of the implementation of the ISMS.
- The Information Security Officer is responsible for maintaining the Information Security Policy and for providing support and advice in its implementation.
- ORFIUM Top Management is responsible for the implementation of the Information Security Policy as well as for ensuring the compliance of the supervised personnel.
- Compliance with the Information Security Policy is mandatory for all parties that have been or are cooperating with ORFIUM.
- Any violations of the Information Security Policy are subject to disciplinary actions. The decision depends on the nature and impact of the violation.