Information Security Policy
General Information Security Objectives
The Eve Security general Information Security (IS) objectives related to the information security management system are as follows:
- Maintaining Integrity of Data and Security Assets
- Compliance with legislation and contractual requirements
- Maintaining a safe network (infrastructure and data)
- Maintaining Vulnerability Management
- Preventing Unauthorized Access
- Ensure business continuity by proactively limiting the impact of a security breach
- Ensuring immediate report of security flaws, breaches.
Specific IS objectives (derived from general), the fulfilment, deadlines and responsible persons, are set and monitored.
Objectives are monitored regularly and in accordance with set deadlines and business needs.
Principles of Information Security Policy
- Ensure the confidentiality of information and protect it from unauthorized access and misuse,
- Maintain the integrity of information to ensure its lasting accuracy and applicability,
- Make information and information systems available to interested parties in accordance with business needs,
- Build relationships and maintain communication with interested parties by understanding their context and needs and expectations of interested parties,
- Regularly carry out the identification, analysis, and assessment of information security risks,
- Plan and take actions based on the results of the regular information security risk assessment,
- Ensure information security awareness, education, and training for employees and other interested parties,
- Apply information security measures to ensure compliance with legal, regulatory, and contractual requirements, as well as other information security requirements,
- Ensure appropriate controls and continuous improvement by planning and achieving measurable objectives and monitoring the performance of the system and applied information security measures,
- Investigate and analyze security incidents and take appropriate actions to address the causes,
- Investigate and analyze security vulnerabilities and threats and take appropriate actions to address the causes of threats and reduce risks,
- Develop, maintain, and test recovery plans in order to prevent potential consequences of security incidents and to preserve business continuity if the incident occurs.
Commitment to Information Security Management
In order to meet these obligations and ensure the appropriate level of controls necessary to demonstrate compliance with the adopted processes, our policy is to maintain a functional and effective information security management system that is established, maintained and permanently improved in accordance with the requirements of the IT Security international standards.