Information Security Policy
1. The management of STAFFINO s.r.o. is committed to meet the requirements of ISO / IEC 27001: 2013, to develop, implement and maintain an effective Information Security Management System (ISMS) for all levels of company management, which will be in accordance with internationally recognized standards.
2. The management of the company under the authority of the executive director is responsible for the training of employees to understand the importance of the Information Security Policy in the organization.
3. The management of STAFFINO s.r.o. is also responsible for the ongoing evaluation of the functionality and effectiveness of the ISMS, the adoption of objectives and policies for information security activities.
4. The management of the company is also responsible for taking adequate measures. It sets out the criteria for assessing risk and defines the structure of risk assessment.
5. The company achieves this goal through efficient, productive and stable operation of the company in accordance with valid legal regulations of the Slovak Republic, EU and standards and continuous improvement of its processes and application of the principle of prevention and prophylaxis.
6. The term information security means the process of ensuring the protection of information at the necessary level in terms of its confidentiality, integrity and availability.
7. In order to ensure our business goals and activities, or to meet legislative requirements, we create, process and maintain information of various kinds, which require ensuring its security.
8. The relevant statements, procedures and responsibilities for ISMS processes will be set out in STAFFINO’s documented procedure
9. Information Security Policy is mandatory for all employees. All company executives are required to enforce and apply this policy in practice and to take effective action in the development and implementation of ISMS.
The company’s information security policy is valid from the day it is signed.
Mgr. Tomáš Rosputinský