Information Security and Data Protection Policy

OMNIASIG VIG has established, documented and implemented an information security management system and a private information management system in accordance with the requirements of the SR ISO/IEC 27001:2018 and SR ISO/IEC 27701:2019 standards.

By implementing SMSI (information security management system) and PIMS (private information management system), OMNIASIG VIG management is committed to:

  • meeting the requirements of customers and other stakeholders;
  • ensuring the infrastructure and an adequate working environment for the proper conduct of all processes;
  • ensuring the necessary resources to achieve the set objectives;
  • compliance with the legislation and regulations in force, applicable to the activities carried out inside the company;
  • continuous improvement of performance and working conditions, through periodic management reviews;
  • continuous improvement of the effectiveness of the information security management system and the private information management system;
  • protecting the information against any unauthorized access;
  • confidentiality, integrity, availability of information;
  • ensuring the continuity of the company's business;
  • compliance with the legislation in force on information security;
  • reporting any breach or violation of information security to the RMSI and investigating it fully;
  • the necessary material, financial and human resources;
  • knowledge, understanding, awareness and application of the policy by the entire staff of the company;
  • analysis and, as the case may be, updating the policy and objectives of information security and data protection when necessary;
  • conducting regular reviews on how SMSI and PIMS work.

Given their importance, information and data must be effectively protected. Effective protection of information, data and information systems gives OMNIASIG VIG the opportunity to achieve its goal better and more efficiently. Inadequate protection of information, data and information systems affects the performance of the business and can have a negative impact on its image and reputation and on the trust of partners and investors.

The principles set out in the policy on information security and data protection have been developed by the Directorate of Data Protection and Corporate Security, whose director is also the data protection officer, to ensure that all decisions and actions lead to the security of information, data and information systems within OMNIASIG VIG, that the confidential nature of the information and data is preserved, and that the attributes of information (confidentiality, integrity and availability) are well determined and kept under control, but also aligned with the specific requirements of the business, of the company's activities and of the SR ISO/IEC 27001:2018 and SR ISO/IEC 27701:2019 standards.

The daily use of computers and equipment within OMNIASIG VIG requires adherence to these principles and involves a monitoring process to confirm compliance with them and with the requirements of the standards, as well as with regulatory, statutory, contractual and legal requirements. OMNIASIG VIG involves all staff in understanding and implementing the information security and data protection policy, and in understanding and implementing the related directives.

The documentation regarding information security and data protection is available to all the interested parties, at the appropriate level, both on paper and in electronic format and is periodically reviewed.

Knowledge of and compliance with the requirements of the information security management system and the private information management system are mandatory for the staff of OMNIASIG VIG and for the staff of partner companies, at the appropriate level of access and/or interest.

 

The major objective of the information security and data protection policy is to ensure business continuity and to minimize risks by preventing incidents and reducing their potential impact.

 

The general objectives regarding the quality and security of information and data protection are:

  • Increasing customer confidence in the services offered by OMNIASIG VIG;
  • Increasing the competitiveness of services by using high-performance technologies and equipment for production activity;
  • Development of professional skills of employees;
  • Realistic identification, analysis and assessment of information security risks;
  • Reducing the negative impact of potential information risks on the company's activities;
  • Maintaining the certification of the quality and information security management system, and obtaining and subsequently maintaining the certification of the private information management system, by an accredited certification body;
  • Full compliance with the applicable security requirements required by partners;
  • Raising awareness of the importance of information security and data protection among employees;
  • Continuous improvement of the quality and information security management system and of the private information management system;
  • Providing plans and resources for survival and recovery in case of emergencies;
  • Ensuring efficient channels for communicating security incidents, and reducing and adequately handling them;
  • Minimizing the risk of damage and/or destruction of information by preventing security incidents and reducing their potential impact;
  • Protecting information resources against any unauthorized access.

The management of OMNIASIG VIG monitors and is responsible for the fulfillment of the policy regarding the quality and security of the information and the protection of personal data.

The authority and responsibility for establishing, implementing and maintaining the Information Security Management System (SMSI) and the Private Information Management System (PIMS) are delegated to the Information Security Management Representative (RMSI).

The management of OMNIASIG VIG ensures through RMSI that the provisions of the documentation of the management system for information security and the management system of private information are known, mastered and applied by the entire staff.

The management of OMNIASIG VIG approved the document “Declaration of Applicability” relevant for the company's headquarters in accordance with the requirements of the standards SR ISO/IEC 27001:2018 and SR ISO/IEC 27701:2019.

The information security policy takes into account the legal, regulatory, statutory and contractual requirements of OMNIASIG VIG and is aligned with the context of risk management.