1. Purpose
Dekada komunikacije doo (hereinafter referred to as Dekada) hereby adopts an Information Security Policy which, as an umbrella document, represents a framework for managing the information security system. The Information Security Policy defines the basic principles and responsibilities related to managing the security of the information system.
Dekada's business activities depend on the proper functioning of the information system. The role of the information system is to improve employee productivity and business process efficiency, and information is considered a sensitive and key asset of Dekada.
The information security management system is established to protect information from threats that could compromise its confidentiality, integrity, and/or availability, ensuring business continuity, reducing business risk, and increasing revenue from business opportunities.
2. Goal
The objective of this Policy is to establish a framework for managing information system security that will reduce the impact of security incidents and protect information assets (information, information systems, documentation, data storage media, telecommunications equipment and devices, workplace, market position, employees), operational continuity, intellectual and material property, and legal and business interests from damage and loss caused by internal or external, intentional or accidental, fraudulent, misdemeanor and criminal actions for the purpose of protecting the continuity of Dekada's business.
2.1. Scope
All users of Dekada information system, employees, all persons temporarily performing work under a contract, and all external associates or partners of Dekada who come into contact with the information system resources are obliged to comply with the provisions of the Information Security Policy.
2.2. Responsibilities
All employees and external collaborators of Dekada are obliged to adhere to the principles and principles prescribed by this Policy and are obliged to report any observed security breaches or incidents.
Failure to comply with the provisions of the Information Security Policy by Dekada employees will be considered a breach of the employment contract, which may constitute grounds for initiating disciplinary proceedings, termination of the employment contract due to the employee's culpable behavior, or for extraordinary termination of the employment contract. Failure to comply with the provisions of the Information Security Policy by external associates and partners is considered a breach of contractual obligation, which may be grounds for termination or cancellation of the contract.
3. Principles of information security
The identification, assessment, analysis and treatment of risks form the basis for the proper functioning of the information security system. The risk of the information system is assessed at least once a year in order to identify changes in the forms of threats to the information system and to take into account changes in the organization itself. Dekada will base the assessment and treatment of risks on a methodology that is in line with legal and regulatory provisions, international standards and best global practices.
In order to prevent violations of confidentiality, integrity and availability, Dekada regulates the procedures for protecting information and data that are created, downloaded, processed, stored or forwarded to Dekada's information system resources, taking into account relevant legal, regulatory and contractual obligations.
Users of the information system must be familiar with the appropriate use of Dekada information system through documented instructions, protection methods and security measures from their scope of work.
In order to reduce the negative impact on resource allocation, hardware and software distribution and their maintenance, asset identification and location, and information system security, Dekada appropriately manages information system assets.
The information system must be protected in an appropriate manner, and for this purpose, adequate protection of persons, premises and property of the Dekada is provided, prevention of unauthorized physical and logical access, damage and disruption of premises, protection of information in networks and the accompanying network infrastructure and application services of the information system.
Business continuity management is one of Dekada's strategic interests in order to protect business processes from major disruptions or disasters and to recover from an unwanted event in the shortest possible time. To this end, Dekada will ensure reliable backup storage of key information resources and take all necessary measures to be ready to respond in a timely and competent manner to security incidents that may affect information system resources.
External collaborators of the Decade and relevant third parties who access the information system must be familiar with the provisions of this Policy, thereby formally accepting their share of responsibility related to maintaining an acceptable level of information system security.
In order to ensure compliance with and implementation of the above principles and support of UHPA's business objectives with efficient use of information system resources, Dekada will manage the information system taking into account Dekada's strategic direction, establishing an effective reporting system and ensuring compliance with legal, regulatory and contractual requirements as well as the requirements of international standards in the domain of information security system management.
4. Final provisions
This Policy will be available to all users of Dekada information system.
In Zagreb, January 9, 2024.