STRUCTURE AND MANAGEMENT – Adrem

Integrated Management and Regulations

“Quality means ensuring compliance when nobody is watching, and in such conditions it’s not an action, it’s a habit.”

OANA GRAMA

Integrated Management and Regulation Manager

The Adrem companies are operating based on integrated management principles, ensuring efficiency and increased adaptability.
The integrated management system covers all types of processes within the Adrem companies: main, secondary, support, quality-environment management, security at work and information security processes.

  • INTEGRATED MANAGEMENT OF QUALITY, ENVIROMENT AND SECURITY AT WORK
  • INTEGRATED INFORMATION SECURITY MANAGEMENT
  • STRUCTURE OF THE DOCUMENTATION
  • CERTIFICATES, PERMITS, APPROVALS

Adrem developed and implemented an Integrated Management System (IMS), to prove the capacity to develop products and to carry out services which constantly meet the requirements of its clients and to comply with the legal requirements and the industry regulations. Through the actual implementation of this Integrated Management System, Adrem intends to achieve constant improvement of its efficiency and to prevent the occurrence of non-compliances. The Integrated Management System complies with the SR EN ISO 9001:2008, SR EN ISO 14001:2005 and SR OHSAS 18001:2008 standards.

 

The general objective of the Quality Management System is meeting our clients’ requirements at the highest standards.

 

What is specific to the SR EN ISO 9001:2008 standard is that it promotes a process-based approach. An advantage of the process-based approach is that it ensures permanent control, both in terms of the connection between individual processes within the process system, and in terms of the mixture and interaction between them.

 

The general objective of the Environmental Management System is to control and mitigate any negative impact on the environment generated as a result of the activity conducted by the organization. ISO 14001 requires entities to determine environment-related aspects through an Initial Environmental Review, to establish objectives and targets and to draw up environmental management programs.

 

The specific objectives of the EMS are related to the need to observe the requirements of standards SR EN ISO 9001:2008, SR EN ISO 14001:2005 and OHSAS 18001,

and to respond accordingly to the legal provisions on quality and environmental protection which are in force in Romania.

 

ADREM places health and security at work in the centre of all of its decisions and business processes, as it believes that people are the most important investment in its companies.

 

The concern for the safety and health of its staff is one of Adrem’s fundamental characteristics, which will not be disregarded in favour of other business aspects. Moreover, the concern for health and safety at work is part of the business ethics of the companies and one of the factors contributing to excellent business results.

 

The processes of the Integrated Management System carried out in ADREM could be classified as follows:

  • main processes (processes which create added value and through which products or services are delivered to clients)
  • resource management processes
  • metering, analysis and improvement processes,
  • quality management processes, environmental management processes and occupational health and safety management processes, with general applicability
  • environmental planning process
  • operational control process
  • preparation for emergency situations and environmental monitoring
  • identification, evaluation and analysis of health-related aspects and occupational safety
  • operational control of actions with a potential impact on occupational health and safety
  • risk assessment, hazard identification and control, for the purpose of preventing accidents and illnesses

“Security is not a product. It’s a way of thinking and acting.”

Oana Grama,

Manager, Integrated Management and Regulations

 

Adrem’s objectives in terms of information security are aimed at managing security events and incidents and ensuring business continuity in emergency situations.

Our information security policy consists of adequate protection meant to reduce operational risk, increase profit and capitalize on business opportunities, as well as to ensure business continuity.

Administering information in compliance with the requirements of standard SR ISO / IEC 27001 ensures both the protection of ADREM’s best interests and the best interests of our partners – clients, providers etc.

The information security management system at ADREM covers the entire scope of activities and applies equally to everyone with access to any IT&C resource of the companies.

This policy concerns the following entities and users:

  • Employees of the Group with a definite or indefinite term employment agreement with access to the information and communication system;
  • Collaborators with access to the information and communication system;
  • Providers of the Group with access to the information and communication system;
  • Other individuals, entities or organizations with access to the information and communication system.

The objectives of the implementation of the information security management system within Adrem are the following:

  • minimizing losses caused by security incidents and ensuring business continuity
  • observing the legal requirements and regulations and contractual requirements with regard to information security;
  • implementing best practices in terms of information security;
  • proving compliance with the requirements of standard SR ISO / IEC 27001 and gaining the confidence of business partners concerning the confidentiality of processed information, through certification of the information security management system.

The Security Policies considered are the following:

  1. Electronic files created, sent, received or stored using our information and communication system, administered or under the custody and control of the Adrem Group may only be accessed by authorized employees within the companies, according to the Security Plan.
  2. For the purpose of administering the information and communication system and ensuring its security, only authorized personal can review or use information stored on or transmitted through the information and communication system. For the same purposes, it is possible to monitor user activity (for example dialled telephone numbers or visited websites).
  3. Users must report any weakness in the security system of computers within Adrem, any incident of potential wrongful use or any violation of this regulation.
  4. All information sent from outside the organization and all information from within it must remain confidential.
  5. Users must not try to access information or programs using any of the organisation’s systems for which they do not have explicit consent or authorization..
  6. Users of the information and communication system cannot disclose the information which they have access to or which they had access to as a result of a vulnerability of the system. This rule remains in force even after users are no longer in contractual relationships with the Adrem companies.
  7. Confidentiality of information submitted through third-party communication sources cannot be guaranteed. In such situations, users must make sure that all confidential information related to the Adrem companies are submitted so as to ensure their confidentiality and integrity.

The Adrem policy in terms of information security is communicated to all employees and stakeholders and is subject to periodical review, as required.