SOLARITY BG
Information Security Policy
This policy applies to all employees, contractors, and third parties who have access to corporate information assets or are involved in processing, storing, transmitting, or managing information within our organization.
“Information Security” at “SOLARITY BG” LTD involves implementing a combination of technical, administrative, and physical controls to protect information assets and aims to safeguard against a wide range of threats, including unauthorized access, data security breaches, cyber-attacks, malware, internal threats, and other vulnerabilities that could compromise the security and reliability of information and information systems.
Our information security objectives are as follows:
- Protecting the confidentiality of information by ensuring that access is limited to authorized persons and preventing unauthorized disclosure.
- Ensuring the integrity of information by maintaining its accuracy, completeness, and reliability throughout its lifecycle.
- Ensuring the availability of information resources and IT systems to support the business strategy and stakeholder requirements.
- Compliance with applicable legal, regulatory, and contractual requirements related to information security.
- Managing current and anticipated risks and threats to information security by implementing appropriate controls and continuously improving our security posture.
- Promoting a security-conscious culture through training, awareness programs, and regular communication.
Information Security Management Principles at “SOLARITY BG” LTD:
Confidentiality: protecting information from unauthorized access or disclosure to preserve its privacy.
Integrity: ensuring the accuracy, completeness, and reliability of information by preventing unauthorized alteration or deletion.
Availability: ensuring timely and reliable access to information and IT systems by authorized individuals.
Risk Management: identifying, assessing, and mitigating risks to information security to protect against potential threats and vulnerabilities.
Compliance: adhering to applicable laws, regulations, and contractual obligations related to information security.
Awareness and Training: fostering a culture of information security awareness through training and education programs for all personnel.
Incident Response: establishing effective incident response procedures to quickly detect, respond to, and recover from information security incidents.
Business Continuity: developing and maintaining business continuity plans to ensure the availability and timely recovery of critical information assets and IT systems.
Least Privilege Principle: granting individuals only the access rights necessary for their roles and responsibilities to minimize the risk of unauthorized access.
Monitoring and Continuous Improvement: regularly reviewing and enhancing information security measures to adapt to evolving threats and technologies.
Security by Design: integrating security considerations throughout the lifecycle of systems, applications, and processes—from design to implementation and maintenance.
Commitment: holding individuals accountable for their actions and ensuring compliance with information security policies and procedures.
Personal Data Protection: respecting the right to privacy and safeguarding personal data in compliance with relevant laws and regulations.
Collaboration: promoting cooperation and information exchange between stakeholders to improve overall security posture and address emerging threats.
Handling Exceptions and Deviations: establishing procedures and guidelines for addressing exceptions and deviations from standard information security practices to minimize risks and maintain the overall effectiveness of the Information Security System.
Assignment of Responsibilities: distribution of tasks, roles, or functions related to information security management.
We will achieve these objectives and principles through the maintenance and continuous improvement of the operating Management System in accordance with the requirements of ISO/IEC 27001:2022.
The management of “SOLARITY BG” LTD is responsible for the implementation and maintenance of the Information Security Policy and ensures full support in communicating it to stakeholders.
All heads of structural units are directly responsible for ensuring compliance with the Information Security Policy by all company employees.
The Information Security Policy is reviewed at least once a year during the management review.
When necessary and upon request, the Information Security Policy is made available to external stakeholders in an appropriate and company-approved manner.
27/08/2024