With its Policy on Information Security the Board of Directors aims to involve "Sirma Business Consulting" JSC to the core values and principles laid down in the Guidelines for the Security of Information Systems and Networks Towards a Culture of Security of the Organization for Economic Cooperation and Development, namely,
The staff, customers, suppliers, subcontractors and all other participants in the information sharing should be aware of the need for security of information systems and networks and to contribute to improving security.
All participants in the information exchange are responsible for the security of information systems and networks.
All participants in the information exchange must act promptly and cooperate with each other in order to prevent, detect and respond to security incidents.
The risks to information security should be assessed.
Security should be included as an essential element of information systems and networks.
Security should be achieved through the implementation of comprehensive management approach.
Security of information systems and networks should be reviewed and re-evaluated and if necessary to be brought changes in the Policy, procedures, practices and measures.
The implementation of this policy is essential to ensure the proper and uninterrupted performance of the provided IT services.
With the Policy on Information Security "Sirma Business Consulting" JSC aims to achieve the following:
With this policy the Board of Directors expresses its determination to introduce a comprehensive system for protecting information and related assets from any threats, both external and internal, regardless of whether they are intentional or unintentional, in the offices of "Sirma Business Consulting" JSC in the country, or outside the country at customers premises, as well as anywhere else the information is found and related to it assets of the Company.
The entire staff of "Sirma Business Consulting" JSC is responsible for the implementation of this Policy.
The Board of Directors is committed to providing the necessary resources and support the efforts of everyone involved in the information exchange to achieve this Policy.
The main directions of information security in which this policy will seek implementation are:
The Board of Directors has appointed the Executive Directors to organize the following:
In furtherance of this policy rules for its implementation in the following areas should be developed:
With this policy the Board of Directors takes responsibility to assign and require full implementation of the principles embodied in it for managing of information security in "Sirma Business Consulting" JSC. The executive directors will require its application in the daily work of the Company and will recommend it be updated to the Board of Directors.
The Board of Directors will periodically review this policy and if necessary make changes to ensure that it is suitable for the activities performed and that it continues to contribute to the reliable protection of the information in full compliance with all applicable legal requirements and voluntarily adopted ones.
The information security officer is called to assist the Executive Directors for the implementation of this policy by introducing and implementing the necessary rules, which are documented in the Manual, Rules and Instructions.
All participants in the information exchange are required:
All questions regarding this policy stakeholders might have should contact the Executive Directors and Information Security Officer, whose clarification and guidance are required to comply with exchanging information process with "Sirma Business Consulting" JSC.