The basic principle of the information security management system is the preservation and insurance of the confidentiality, integrity and availability of the information. The defence of information of the different companies is vital regarding their operation.
The ISO/IEC 27001 standard is the only controlled international standard which defines the requirements of the information security management system. We have defined and conduct our information security controls based on this standard, as well as the methods for securing the information of each our businesses.
Our entire activity is reviewed regularly. Those service elements which are classified as being in the danger zone are evaluated with significant care and we try to define which we are able to influence.
A risk assessment is made on the threats, weaknesses and other effects affecting our company which will define the rate of the risk and the basis for defining the required information security goals and processes.
We constantly monitor all legal and other requirements which are related to aspects of information security of our activities and services.
Review is conducted in case of any changes in the laws and regulations, application of new materials, modification of a technological process.
We reviewed the prepared risk analysis annually and the corresponding actions to be taken are determined.
We have also prepared, as further elements of the system operated by the standard, our internal norms – Security Procedure, Data and Information Management Procedure – which in details provide specific solutions for safe handling of data and information given to be charged for.
In accordance with the related regulations, considering the above, the data handling conducted by us is always reported to and ask to be registered by the Hungarian National Authority for Data Protection and Freedom of Information.