The information security policy (hereinafter referred to as the Policy) is the main document of UAB Adwisery (hereinafter ADWISERY) information security management system (hereinafter – ISMS), which is approved by order of the director of ADWISERY. Parts of the policy and the ISMS documents can be transmitted to the parties related to ADWISERY information in a form that is accessible and understandable to them.
The purpose of the Policy is to present the position of ADWISERY management regarding information security and to protect all verbal, written and electronic information received, sent, created, managed, and used by ADWISERY from all possible threats: external, internal, intentional or accidental, which may have an impact on activities and image of ADWISERY.
The following information security goals are pursued to implement the main objective of the ISMS:
to ensure and manage information security, taking into account the activity (strategic) goals of ADWISERY;
to ensure and manage compliance with external and internal information security requirements by performing periodic compliance assessment and eliminating identified deficiencies;
to ensure the resolution of information security violations and the elimination of their causes by implementing the information security incident management process;
to ensure the appropriate selection and implementation of information security and processing measures, performing an annual risk assessment and implementing the Risk Management Plan;
to ensure the effectiveness of applied information security measures;
to ensure the adequacy of Business Continuity Management and Recovery Plans through their periodic review and testing.
Information is a strategically important asset for the operations of ADWISERY, so its loss, illegal alteration, damage, disclosure or termination of information processing may cause disruptions to operations of ADWISERY. In view of this, this Policy establishes the basic guidelines, which, in order to protect the information of ADWISERY and its customers, must be followed by all employees of ADWISERY, its contractors, and other related parties operating in project management, information technology management, information security management, risk management in the areas of management systems, information systems, and solutions implementation, maintenance, consulting and organization and implementation of training.
The Policy applies to all ADWISERY activity processes related to project management, information technology management, information security management, risk management systems, implementation of information systems and solutions, maintenance, consulting and organization and implementation of training services and includes verbal and written information, information systems, computer networks, physical environment, employees, related parties, partners, contractors, or other persons working for ADWISERY, including employees working for third parties, who legally process information of ADWISERY.
Information security includes three main aspects:
confidentiality – protection of information from unauthorized disclosure;
integrity – protection of information from unauthorized or accidental change;
accessibility – ensuring that information can be accessed when it is needed to properly perform the activities of ADWISERY.
The Policy:
describes the process of ADWISERY designed for protecting the company and customer information assets, i.e. confidentiality, integrity, and availability of any form of information, as well as material (computer and communication devices, premises, etc.) and intangible (reputation, image) assets related to it;
determines responsibility for information security;
provides links to the security documents that make up the ISMS.
The Policy must be reviewed at least once a year.
The implementation of UAB Adwisory information security requirements is ensured and managed through consistent planning, implementation, evaluation and improvement of ISMS, following the requirements of the Lithuanian standard LST ISO/IEC 27001:2017.
ISMS certification area of ADWISERY includes project management, information technology management, information security management, risk management systems, implementation of information systems and solutions, maintenance, consulting and training organization and implementation activities.
Information security management at ADWISERY is based on risk assessment and management. Information security risk assessment creates the conditions for the information security management measures applied in the activities of ADWISERY to meet the main goals of the activities and information security of ADWISERY.
Information security risk of ADWISERY is assessed every calendar year according to the approved Information Security Risk Management methodology.
ISMS of ADWISERY is ensured by audit and certification procedures, during regular supervision audits. The issued certificate confirms that ISMS of ADWISERY meets the requirements of the standard.
ISMS of ADWISERY ensures the implementation of the requirements of international and Lithuanian Republic legal acts regulating information security, cyber security and personal data protection.