Information Security Policy
European Reliance identifies the necessity for protection of the information assets which are under the company’s ownership or under the company’s control and the obligation to comply with the Greek and European, legal and regulatory framework.
The Security Policy is a framework for the protection of information administered by European Reliance, providing guidance to the Organization on the administration and processing of the information. The Security Policy is a set of rules that describes the way that European Reliance administers and protects the company’s Information Assets. These rules define the role of each party in European Reliance, the parties’ duties, responsibilities and obligations.
As every society needs laws, regulations and directions to ensure the safety and proper flow of its operations, likewise every company/ organization needs a specific Security Policy (SP) that will ensure the trustworthy, organized and effective use of the Information Assets.
The purpose of this Security Policy is the SECURE, TRUSTWORTHY AND CONTINUOUS provision of services and products to the final customers or collaborating parties.
The Scope of the Security Policy is the establishment of a framework of general directions for the protection of the information of European Reliance, the implementation of which ensures to the Organization an accepted level of Security regarding the risk profile.
Moreover, the purpose of the S.P. is to set restrictions on the access and the use of personal computers, information systems, networks, electronic communication means and other relevant information means that are used for the storage and process of data, documents and software that European Reliance owns and uses with higher purpose the protection of availability, integrity and confidentiality of the information and information assets.
The Primary Objectives of the Security Policy are:
- The assurance of the confidentiality, availability and integrity of the information of European Reliance.
- The assurance of the rights of the natural persons that cooperate with European Reliance with the employees and insurance agents of European Reliance.
- The immediate detection of Information Security risks and their effective management.
- The immediate management of the Information Security incidents.
- The assurance of the proper function of the information assets.
- The constant improvement of the level of Information Security.
- The satisfaction of the regulatory and legislative requirements.
- The increase in the degree of awareness of the personnel for possible risks that could threaten the Information Security and the constant update of the best practices that must be implemented for their minimization.
For the above-mentioned reasons, European Reliance takes all necessary measures/controls on a technical and organizational level to ensure the integrity, availability and confidentiality of the processed information. At the same time, the company applies policies and procedures towards the following objectives:
- Determination of the organizational structures necessary for the monitoring of subjects relevant to the Security Policy.
- Determination of the technical measures/controls for the information and information systems control and access restriction.
- Classification of the information, according to their significance and value.
- Description of the necessary actions for the protection of information during the processing, storage and transfer.
- Determination of the training methods of the company’s employees and insurance agents regarding the Information Security.
- Determination of responses in cases of Information Security incidents.
- Description of the ways that ensure the safety of the business operations of the Company in cases of information systems dysfunction or in cases of disasters.
European Reliance completes risk assessments relevant to Information Security in regular intervals and takes all necessary measures to confront them. European Reliance applies a framework of assessment for the effectiveness of the Information Security processes, that defines the ratios, describes the calculation methodology and produces periodic reports, reviewed by the Organization’s Management for the system’s continuous improvement.
The Information Security Officer is responsible for the control and monitoring of the policies and procedures relevant to the Information Security Policy and the undertaking of all necessary initiatives for the elimination of arising risks that may threaten the availability, integrity and confidentiality of the information of European Reliance.
The total of the employees and insurance agents of the company with access to the company’s information and information systems is responsible to adhere to the rules of the applicable Information Security Policy.