BSN & CO financial consulting and law office;
Herein information security is defined as protection of the following:
Confidentiality: Ensuring that information can only be accessed by authorised bodies;
Integrity: Ensuring that information and processing methods are correct and cannot be modified by unauthorised bodies;
Accessibility: Ensuring that authorised users can access the information and relevant sources as quickly as possible when needed.
The Information Security policy implemented by our company aims to increase security level of information systems by utilising goal-oriented and effective principles and policies.
Goals of Information Security include providing guidance for users on all levels to direct them regarding how to act during their use of Information Systems, increasing the level of user awareness and thus minimise potential risks in information systems, protecting reliability and image of our organisation, ensuring the contractual and statutory compliance vis-à-vis third parties, and ensuring that basic and complementary business activities of the company can be continued with minimum interruption.
The risk management framework of our company includes identification, assessment and processing of information security risks. The method of information security risk control is defined by risk assessment, certificate of feasibility and ISMS Plan.