DATA PROTECTION
A1. General
It is the fundamental interest of Electool Hungary Kft. to protect the security of the company’s IT and other information resources, as well as high-value business-critical data.
Confidentiality, integrity and availability of information and information processes must be ensured by setting up identification and verification procedures and integrating them into the processes, with reviews done regularly.
Tasks related to the design, implementation, operation and audit of info-communication, IT and information systems used or managed by Electool Hungary must be performed in a way to ensure compliance with relevant legislation, and to be proportionate to risks arising from the failure of protection.
2. The scope of the information security system
2.1. Organizational security
To manage information security within the organization, we have set up a management framework system which is used to initiate and verify information security implementation.
We maintain the security of the organization’s information processing equipments and information assets, that are accessible for third parties, by providing a controlled access to such third parties to the information processing equipments of the organization.
Information security is maintained even in cases when we assign the responsibility of information processing to other organizations as subcontractors.
2.2. Classification and verification of assets
We maintain the right protection for the organization’s assets by ensuring the appropriate level of protection for information assets.
2.3. Human resource (staff) security
We make sure that users are aware of any threats and challenges to information security and that they are equipped with everything needed to adhere to the provisions of the organization’s security regulations during their daily work.
We also ensure that damages caused by security events and disruptions are minimized.
2.4. Physical and environmental security
We prevent the loss of, damage and threat to the information assets as well as the disruption of business operations by physically protecting the information assets against security threats and environmental hazards.
We protect information and information processing equipment from disclosure, modification or theft by unauthorized persons. Protective measures are introduced to minimize loss and damage.
2.5. Communication and operations management
We ensure the accurate and safe operation of the information processing equipment through compliance with and observance of documented operational procedures, verification of changes, minimizing the risks of system failure, protection against malware, continuous monitoring of information processing by the administrator, and security management of networks that extend beyond organizational boundaries.
2.6. Access control
Access to information and business processes is controlled on the basis of business and security requirements, ensuring that access control complies with the rules applicable to information dissemination and authorization.
2.7. Procurement, development and maintenance of information systems
Procurement of new information systems or enhancing existing systems are managed in a way to ensure that all information security principles are implemented.
2.8. Handling information security incidents
Incidents relating to information security are handled in the framework of a consistent and effective process, with the indication of responsibility relations.
2.9. Business continuity management
Our aim is to overcome disruptions of business operations and to protect critical business processes from the effects of major failures and disasters.
2.10. Compliance with requirements
It is our aim to avoid any violation of criminal, regulatory, legal or contractual obligations or security requirements. Therefore, we conduct a review of the information systems from time to time.
3. Auxiliary and supportive rules and policies
This is the top-level command, whose principles must be enforced by issuing other detailed regulations, internal rules (Information Security Guide) and procedures, implementation instructions or directives.