Information Security Policy
SFS Inc., recognizes the need to ensure the confidentiality, integrity and confidentiality of the information it manages against all internal, external, voluntary or unintentional threats.
The Information Security Policy is the framework for the protection of information managed by the company and the aim of the policy is to establish a framework of general guidelines, the implementation of which ensures an acceptable level of security commensurate with its risk profile. This policy is documented by the operation and continuous improvement of an integrated and effective Information Security Management System (ISMS), which complies with the requirements of the ISO-27001:2013 standard.
The scope of the Information Security Management System of the Company is «Software Design, Development, Installation and Support, Software As A Service (SAAS)» and was designed according to the needs and aspirations of the company and the legal and regulatory requirements of the current legislation.
The main objectives, as they are expressed in the procedures of the Company’s Information Security Management System, are:
- The creation of a basis for the continuous improvement of the efficiency of its processes, having as a guide the continuous satisfaction of the needs and the expectations of its customers to the maximum possible extent.
- Minimizing the number of incidents that may affect the continuity of business processes, as well as minimizing their impact.
- Compliance with legal and regulatory requirements related to information security.
- The continuous improvement of the system, in order to achieve the most effective management of the confidentiality, integrity and availability of its information.
- The continuous increase of the degree of information security achieved through the effective implementation of the system.
The management system is reviewed at regular intervals by the Management, in order to adapt to new needs and market developments, legal requirements, but also to achieve the goal of continuous improvement of the company’s operations.
The Management is committed to the provision of infrastructure, human resources and equipment that are deemed necessary to achieve the above objectives. Management is fully committed to the faithful implementation and continuous improvement of the ISMS, which complies with the requirements of ISO 27001: 2013 standard as well as with all existing legislation. The entire staff of the company involved in the activities and procedures described and related to Information Security has the responsibility to implement the Policy and the corresponding Procedures in its field of work.
The Management and all personnel are committed to the achievement of the goals of the company and to the observance of the principles in relation to Information Security.