Pronet S.A. was established in 1992 and is considered today a strategic network security partner by numerous organizations of different sizes and footprint. The Company's core business activities are related to the implementation, maintenance and support of network infrastructure and applications that are necessary to protect the clients data. Within this context, Pronet S.A. recognizes the value of data protection in providing everyday support as well as the need to manage the risk concerning the confidentiality, integrity and availability of the data implicated to the services offered. This section, describing the Information Security Policy of Pronet S.A., is the Management's view regarding information security.
The Information Security Policy, including all relevant Procedures and Forms, is signed by the Company's Management and is communicated to Company's employees through internal distribution. The Management of Pronet S.A. supports the establishment of an Information Security Management System (ISMS), that will define a security framework to be applied as a control against accidental or deliberate actions, that may cause threat to the Company's and its clients information. The scope of the ISMS covers all the Support Services offered by the Company.
The establishment of an ISMS aims to provide a set of controls that will protect against internal and external threats as well as intentional or accidental actions, that are directed to specific information, carriers of information, or information sources.
By applying the ISMS Pronet S.A. aims to:
- Provide the best possible effort to preserve confidentiality, integrity and availability of all information according to their value and criticality for its operation.
- Comply with all regulatory, legal and contractual requirements.
- Educate, train and improve awareness on information security for all employees.
- Report, track and investigate any actual or suspected security incidents and breaches of this Policy.
For the administration of the ISMS, the company has appointed a Chief Information Security Officer (CISO) that works closely with the IT Manager and Service Delivery Manager.
Pronet S.A. Management is committed to:
- Ensure that information security goals are identified and meet the Company's requirements.
- The ISMS will be applied through its intended scope, in compliance with the ISO/IEC 27001:2013.
- Continuous improve the ISMS according to business needs, in order to ensure high level of effectiveness.
- Monitor through Management Reviews the completeness of the ISMS.
- Ensure the application of the ISMS according to all relevant laws, regulations and contractual requirements.
- Formulate, review, and approve information security policy.
- Provide clear direction and visible management support for security initiatives.
- Provide the resources needed for information security.
- Approve assignment of specific roles and responsibilities for information security within the Company.
- Initiate plans and programs to maintain information security awareness.
The preservation of Information Security is a Management's principle responsibility and a critical task. However, the everyday operation of the controls arising from this policy and concerning the secure operation of the Company is the responsibility and duty of all employees and third parties collaborating with the Company. Compliance of all personnel with the Security Policy is the most critical control, for safeguarding the Company's and its clients' information. All information technology and telecommunication systems, applications, equipment and data must be protected. To make sure that the level of exposure to related risks is acceptable, independent reviews of information security shall be initiated at regular intervals. These reviews will be carried out by individuals independent of the area under review. It is expected that all Pronet S.A. employees, contractors or third parties will comply with the requirements presented within the ISMS framework. Non-enforcement of any policy requirement does not constitute consent by the Company.