Information Security Policy

The protection of information and the information handling systems is of strategic importance to the Company in order to achieve its short and long term objectives and at the same time to ensure the confidentiality of the data of the customers receiving its services.

The Company acknowledging the criticality of the information and the information systems in the execution of its business operations, has adopted an Information Security Policy with the objective of:

Ensuring the confidentiality, integrity, and availability of the managed information.
Ensuring the proper operation of information systems
The timely response to incidents that may jeopardize the Company's business operations.
Meeting legislative and regulatory requirements.
The continuous improvement of the Information Security level.

For this purpose, the following are described:

The organisational structure necessary for monitoring issues related to Information Security.
Technical measures to control and restrict access to information and information systems.
The way in which information is classified according to its importance and value.
The necessary measures to protect information during the processing, storage, and handling stages.
The ways of informing and training the Company's employees and partners on Information Security issues.
Ways to respond to Information Security incidents.
The ways in which the Company's business operations are ensured in the event of a failure of information systems or in the event of a disaster.

The Company conducts Information Security risk assessments at regular intervals and takes the necessary measures to address them. It implements a framework for evaluating the Information Security procedures effectiveness, through which performance metrics are defined, the methodology for measuring them is described, and periodic reports are produced and reviewed by the Top Management, in order to continuously improve the system.

The Information Security Officer is responsible for controlling and monitoring the Information Security policies and procedures, taking the necessary initiatives to eliminate all the factors that may compromise the availability, integrity and confidentiality of the Company's information. All of the Company's employees and its partners with access to the Company's information and information systems are responsible for complying with the rules of the established Information Security Policy.

The Company is committed to the continuous monitoring and compliance with the regulatory and legislative requirements, and to the continuous application and improvement of the effectiveness of the Information Security Management System.