Information Security Policy
1. PURPOSE
Dekada komunikacije d.o.o. (hereinafter referred to as DK) establishes the Information Security Policy, which serves as a key document providing a framework for managing the information security system. This policy defines the fundamental principles and responsibilities regarding the management of the information security system.
The business operations of DK depend on the proper functioning of the information system. The role of the information system is to improve employee productivity and the efficiency of business processes, while information is considered sensitive and critical to DK's assets.
The information security management system is established to protect information from threats that could compromise its confidentiality, integrity, and/or availability, ensuring business continuity, reducing business risk, and increasing revenue from business opportunities.
2. OBJECTIVE
The objective of this Policy is to establish a framework for managing the security of the information system, aimed at mitigating the impact of security incidents and protecting information assets (information, information systems, documentation, data storage media, telecommunications equipment and devices, workplaces, market position, employees), operational continuity, intellectual and material property, as well as legal and business interests from harm and loss caused by internal or external, intentional or accidental, fraudulent, criminal, or illegal activities, to safeguard DK's business continuity.
2.1. Scope
All users of DK's information system, employees, individuals temporarily engaged under contract, as well as all external collaborators or partners interacting with the information system's resources, are required to adhere to the provisions of the Information Security Policy.
2.2. Responsibilities
All employees and external collaborators of DK are obligated to follow the principles and guidelines set by this Policy and are required to report any detected security vulnerabilities or incidents.
Failure to comply with the provisions of the Information Security Policy by DK employees will be considered a breach of the employment contract, which may lead to disciplinary action, termination of employment due to misconduct, or immediate dismissal. Non-compliance by external collaborators and partners will be regarded as a breach of contractual obligations, potentially leading to contract termination or cancellation.
3. PRINCIPLES OF INFORMATION SECURITY
The identification, assessment, analysis, and management of risks form the foundation for the proper functioning of the information security system. The risks to the information system are assessed at least once a year to identify changes in threats and to account for organizational changes. DK will base risk assessments and management on a methodology that complies with legal and regulatory requirements, international standards, and best practices.
To prevent the compromise of confidentiality, integrity, and availability, DK regulates the procedures for the protection of information and data created, received, processed, stored, or transmitted using DK’s information system resources, considering relevant legal, regulatory, and contractual obligations.
Users of the information system must be informed about the appropriate use of DK’s information system through documented instructions, protection methods, and security measures relevant to their work scope.
To reduce the negative impact on resource allocation, hardware and software distribution, and maintenance, asset identification and tracking, and the security of DK's information system, DK appropriately manages information system assets.
The information system must be adequately protected, including physical and logical access control, protection from unauthorized access, damage or disruption to premises, protection of information within networks and supporting network infrastructure, and application services of the information system.
Business continuity management is a strategic priority for DK to safeguard business processes from major disruptions or disasters and to ensure recovery following an unwanted event in the shortest possible time. To this end, DK will ensure reliable backup of key information resources and take all necessary measures to be ready to respond promptly and effectively to security incidents that may affect the information system's resources.
External collaborators and relevant third parties accessing DK’s information system must be informed of the provisions of this Policy, thereby formally accepting their share of responsibility for maintaining an acceptable level of information system security.
To ensure compliance with, and implementation of, the aforementioned principles, and to support DK’s business objectives while efficiently using information system resources, DK will manage the information system, taking into account DK’s strategic direction, establishing an effective reporting system, and ensuring compliance with legal, regulatory, and contractual requirements, as well as international standards in the domain of information security management.
4. FINAL PROVISIONS
This Policy will be available to all users of DK’s information system.
Zagreb, January 9, 2024.
Dario Đanić, Founder and CEO of Dekada komunikacije d.o.o.