• Managing information assets, identifying security values, needs and risks of assets, developing and implementing controls for security risks
  • Define the framework within which information assets, values, security needs, vulnerabilities, threats to assets, and methods for determining the frequency of threats.
  • Define a framework for assessing the impact of threats to privacy, integrity, and accessibility on assets.
  • To set out the working principles for the processing of risks.
  • Continuously monitoring risks by reviewing technological expectations in the context of scope of service
  • To provide information security requirements arising from national or international regulations, legal and related legislation requirements, contractual obligations, and Company responsibilities to internal and external stakeholders.
  • To reduce the impact of information security threats to service continuity and to contribute to continuity
  • To have the competence to rapidly intervene and minimize the impact of information security events that may occur.
  • Maintain and improve the level of information security over time with a cost-effective control infrastructure.
  • To improve the reputation of the company, to protect against the negative effects of information security.