Information Security Policy

The protection of information and the relevant processing systems is crucial for us to achieve our short-term and long-term goals and, at the same time, to ensure the privacy of our customers data.

Recognizing the critical value of information and information systems in the execution of our business functions, we implement an Information Security Policy with the aim of:

  • Ensuring the confidentiality, integrity, and availability of the information we manage

  • Ensuring the proper operation of information systems

  • Responding in a timely fashion to incidents that may jeopardize the business operations of the company

  • Meeting all legislative and regulatory requirements

  • Continuously improving the level of Information Security

For this purpose, we:

  • Define the organizational structures that are necessary for the monitoring of issues related to Information Security.

  • Define the technical measures for controlling and restricting access to information and information systems.

  • Determine the ways in which information is classified according to its importance and value.

  • Describe the necessary actions for the protection of information during processing, storage, and distribution.

  • Define the ways of informing and educating the employees and associates of the company in matters of Information Security.

  • Identify the ways of dealing with Information Security incidents.

  • Describe the ways in which business continuity is ensured in cases of malfunction of information systems or in case of disasters.

We make assessments of the risks related to Information Security at regular intervals and take the necessary measures to address them. We also implement a framework for evaluating the effectiveness of Information Security procedures, which includes defined performance indicators with a specified measurement methodology and the issuing of periodic reports which are reviewed by the Management in order to continuously improve the system.

The Information Security Officer is responsible for overseeing and monitoring Information Security policies and procedures and for taking the necessary steps to eliminate all those factors that could jeopardize the availability, integrity, and confidentiality of the company information.

All employees of the Company and its associates with access to information and information systems of the company are responsible for complying with the rules of the present Information Security Policy.

We are committed to continuously monitor and adhere to the regulatory and legislative framework and to consistently implement and improve the efficiency of the Information Security Management System.

Back to top
© ORCO S.A. Registered in Greece