ANECT's information security policy
For ANECT, the goal of information security is to ensure suitable security for both our own information and the information provided by our clients and partners, in accordance with business interests and needs of our company, and to prevent unauthorized handling of information in all of its forms.
The key principles of information security:
- Top-management lays emphasis on ensuring both our own and the clients' information and binds themselves to ensure support and coordination when applying principles of information security or data protecting measures in individual divisions or links between them.
- The backbone of information security in ANECT is an efficient and reliable system for information security management (ISMS), which meets the requirements of the standards ISO/IEC 27001:2005 and ISO/IEC 17799:2005; it works as an integrated part of an already existing system of company management, which makes an effort to enforce efficient and adequate information security measures against existing security risks.
- The main goal of information security management system is to efficiently eliminate or lower the risks connected with possible integrity, accessibility or familiarity breach. Security measures are selelcted by analysis and risk-handling to ensure maximal efficiency of the system.
- ANECT's information security is defined by principles which are declared in this information security policy and in individual guidelines of quality management system.
- Secret information protection is a specific part of ISMS. SIP was created to meet the regulations of the law 412/2005 Sb. and associated legislative and is managed by idependent Security policy and other internal documentation. ANECT is authorized to handle secret information up to level Secret. SIP is controlled by a statutary agent authorized for SIP, who is also responsible for functionality of SIP.
- ANECT's security comitee is collective authority, which acts as ANECT representative in the field of information security. Security comitee ensures coordination of applying security principles and individual security measures.
- Security manager is the guarantor of application, management, administration and coordination of information security activities. At the same time, security manager is responsible for creating and updating of any IS documentation and all associated documents.
- Main developer of VIS (HP VIS) is responsible for systematic development of VIS, coordination of individual requests for changes in VIS and implementation of security in the development process and system changes.
- Secuirity administrator of VIS is responsible for functionality of all VIS subsystems, for administration and for enforcing of information security policy in individual systems of VIS and classrooms. The post of the Security administrator is held by authorized VIS administrators.
- The owners of information are responsible for stating requests for security of particular piece of data (information).
- Security auditor performs idependent control of information security policy principles, security goals, security measures compliance and process documentation fulfillment.
- All employees and users of VIS are obliged by principles defined in ISMS documentation. All employees and users are obliged to report all deviations from defined principles to the security manager.
