This policy refers to aspects related to the information security of TOTEM Communication company, headquartered in 27 Popa Soare Street, Bucharest 2, 023981, Romania, hereinafter referred to as “TOTEM”.
Vision
In the current and, especially, future circumstances and business environment, data security is essential to us, as well as to our Customers and Partners. This is why we undertake to protect our information and that of our Customers and Partners, to monitor, assess and improve the adequacy and effectiveness of this protection in terms of personnel, methods and assets, including hardware and software.
Mission
Ensuring the Company’s and Clients’ information confidentiality, integrity and availability in conditions of compliance with the legal, regulated and other undertaken requirements of information security, as well as in conditions of ensuring the functionality and availability of the IT assets, including hardware and software.
Area of Applicability
All information processing, transferring and storing activities and all relevant assets in all departments of the company, including hardware, software, storage media, documents and records.
Goal
The security policy adopted and implemented within S.C. Totem Communication S.R.L. constitutes the set of norms that must be known and complied with by all persons whose responsibilities are related to the use, administration and management of the information and communication resources of the company.
At the same time, the security policy has a consultative role in analysing and implementing security techniques, tools and mechanisms, as well as in supporting the actions of the technical personnel and the decisions of the company’s management factors in the field of information security.
This policy was approved by a decision of the S.C. Totem Communication S.R.L. management and constitutes the procedural and legal framework for applying the controls and measures aimed at reducing the security risks and vulnerabilities manifested within the company.
Information security is a team effort and requires the participation and support of all employees working with information systems. Also, information security must be taken into account in project management, regardless of the project type.
At the same time, the managers of the functional structures within the company are responsible for the implementation of this security policy, as well as for the initiation of the corrective and improvement measures, in accordance with the changes in the existing functional framework.
The employees who deliberately or negligently violate the security of information or produce events with such an impact will be subject to disciplinary action or even dismissal.
Objectives
The security policy has the following objectives:
– Ensuring the confidentiality, integrity and availability of the information conveyed within Totem Communication, including those belonging to other stakeholders (e.g. customers, suppliers, employees);
– Protecting against a large number of threats, throughout the entire life cycle of the information, to ensure business continuity, risks minimization and recovery of investment and business opportunities maximization;
–Identifying, analysing and treating information security risks to prevent or reduce unwanted effects and to achieve a continuous improvement;
–Increasing the employees’ degree of awareness regarding their information security responsibilities;
–Developing an information security culture integrated into the organizational culture.
Final decisions
To ensure the success of information security mission, the TOTEM Communication management established the Information Security Committee, as a management and specialty forum, where all the requirements, risks and news regarding security of information are analysed; based on this fact, the necessary measures, programs, rules and criteria, including this declaration and the documentation of the associated security system are determined.
As well, an Information Security Responsible (ISR) has been appointed; he/she is directly responsible for carrying out the Policy and providing support and guidance for its implementation.
The carrying out of the security policy planning and elaboration is followed by: its permanent consolidation and improvement; integration of security actions at the departmental level; analysis and monitoring of security incidents; periodic assessment and reporting of the security status at the company level; adapting of the policy and ensuring of the updating and compliance with the legal requirements; popularizing of security policies among employees; supporting of the functional structures managers in formulating their own information security plans.
Each person in management position within TOTEM Communication is responsible for the implementation and success of this policy in his/her area of management, including the involvement and performance in this regard of the subordinate staff.
A very high responsibility comes to all S.C. Totem Communication S.R.L.’ employees, as users, depending on the security levels received by each of them for access to resources, as well as to the external personnel performing activities for the benefit of the company. All of them have the obligation to protect the data and information they come in contact with, as well as the technological resources allocated to the use, in an efficient, ethical and legal manner. Irregular manipulation, violation, dissemination or abuse of the related information and resources constitute serious deviations that may, as the case may be, imply administrative, disciplinary, contractual and legal sanctions.
The information security policy will be analysed and reviewed whenever changes in the basic processes of the S.C. Totem Communication S.R.L. occur, and on this occasion the opportunities to improve the policy, the way of approaching the security and the security objectives and measures will be considered.
The security policy review is also carried out if, following the audit of the S.C. Totem Communication S.R.L. processes, there was evidence that the security strategy is inadequate or does not comply with the security policy.
The responsibility of reviewing the security policy comes to the Information Security Responsible.
The review of the information security policy must take into account the results of the management analysis in this field, respectively all the decisions and actions regarding: the improvement of the organization’s approach to managing the security of information and related processes; the improvement of security objectives and measures; the improvement of the allocation of resources and/or responsibilities.
The proposals regarding the security policy changing are endorsed by the Information Security Committee and approved by the S.C. Totem Communication S.R.L. management.