DATA PROTECTION

A1. General 

It is the fundamental interest of Electool Hungary Kft. to protect the security of the company’s IT and other information resources, as well as high-value business-critical data.

Confidentiality, integrity and availability of information and information processes must be ensured by setting up identification and verification procedures and integrating them into the processes, with reviews done regularly.

Tasks related to the design, implementation, operation and audit of info-communication, IT and information systems used or managed by Electool Hungary must be performed in a way to ensure compliance with relevant legislation, and to be proportionate to risks arising from the failure of protection.

2. The scope of the information security system 

2.1. Organizational security 

To manage information security within the organization, we have set up a management framework system which is used to initiate and verify information security implementation.

We maintain the security of the organization’s information processing equipments and information assets, that are accessible for third parties, by providing a controlled access to such third parties to the information processing equipments of the organization.

Information security is maintained even in cases when we assign the responsibility of information processing to other organizations as subcontractors.

2.2. Classification and verification of assets

We maintain the right protection for the organization’s assets by ensuring the appropriate level of protection for information assets.

2.3. Human resource (staff) security 

We make sure that users are aware of any threats and challenges to information security and that they are equipped with everything needed to adhere to the provisions of the organization’s security regulations during their daily work.

We also ensure that damages caused by security events and disruptions are minimized.

2.4. Physical and environmental security 

We prevent the loss of, damage and threat to the information assets as well as the disruption of business operations by physically protecting the information assets against security threats and environmental hazards.

We protect information and information processing equipment from disclosure, modification or theft by unauthorized persons. Protective measures are introduced to minimize loss and damage.

2.5. Communication and operations management 

We ensure the accurate and safe operation of the information processing equipment through compliance with and observance of documented operational procedures, verification of changes, minimizing the risks of system failure, protection against malware, continuous monitoring of information processing by the administrator, and security management of networks that extend beyond organizational boundaries.

2.6. Access control 

Access to information and business processes is controlled on the basis of business and security requirements, ensuring that access control complies with the rules applicable to information dissemination and authorization.

2.7. Procurement, development and maintenance of information systems

Procurement of new information systems or enhancing existing systems are managed in a way to ensure that all information security principles are implemented.

2.8. Handling information security incidents 

Incidents relating to information security are handled in the framework of a consistent and effective process, with the indication of responsibility relations.

2.9. Business continuity management 

Our aim is to overcome disruptions of business operations and to protect critical business processes from the effects of major failures and disasters.

2.10. Compliance with requirements 

It is our aim to avoid any violation of criminal, regulatory, legal or contractual obligations or security requirements. Therefore, we conduct a review of the information systems from time to time.

3. Auxiliary and supportive rules and policies 

This is the top-level command, whose principles must be enforced by issuing other detailed regulations, internal rules (Information Security Guide) and procedures, implementation instructions or directives.