INTEGRATED INFORMATION SECURITY MANAGEMENT
“Security is not a product. It’s a way of thinking and acting.”
Oana Grama, Manager, Integrated Management and Regulations
Adrem’s objectives in terms of information security are aimed at managing security events and incidents and ensuring business continuity in emergency situations.
Our information security policy consists of adequate protection meant to reduce operational risk, increase profit and capitalize on business opportunities, as well as to ensure business continuity.
Administering information in compliance with the requirements of standard SR ISO / IEC 27001 ensures both the protection of ADREM’s best interests and the best interests of our partners – clients, providers etc.
The information security management system at ADREM covers the entire scope of activities and applies equally to everyone with access to any IT&C resource of the companies.
This policy concerns the following entities and users:
- Employees of the Group with a definite or indefinite term employment agreement with access to the information and communication system;
- Collaborators with access to the information and communication system;
- Providers of the Group with access to the information and communication system;
- Other individuals, entities or organizations with access to the information and communication system.
The objectives of the implementation of the information security management system within Adrem are the following:
- minimizing losses caused by security incidents and ensuring business continuity
- observing the legal requirements and regulations and contractual requirements with regard to information security;
- implementing best practices in terms of information security;
- proving compliance with the requirements of standard SR ISO / IEC 27001 and gaining the confidence of business partners concerning the confidentiality of processed information, through certification of the information security management system.
The Security Policies considered are the following:
- Electronic files created, sent, received or stored using our information and communication system, administered or under the custody and control of the Adrem Group may only be accessed by authorized employees within the companies, according to the Security Plan.
- For the purpose of administering the information and communication system and ensuring its security, only authorized personal can review or use information stored on or transmitted through the information and communication system. For the same purposes, it is possible to monitor user activity (for example dialled telephone numbers or visited websites).
- Users must report any weakness in the security system of computers within Adrem, any incident of potential wrongful use or any violation of this regulation.
- All information sent from outside the organization and all information from within it must remain confidential.
- Users must not try to access information or programs using any of the organisation’s systems for which they do not have explicit consent or authorization..
- Users of the information and communication system cannot disclose the information which they have access to or which they had access to as a result of a vulnerability of the system. This rule remains in force even after users are no longer in contractual relationships with the Adrem companies.
- Confidentiality of information submitted through third-party communication sources cannot be guaranteed. In such situations, users must make sure that all confidential information related to the Adrem companies are submitted so as to ensure their confidentiality and integrity.
The Adrem policy in terms of information security is communicated to all employees and stakeholders and is subject to periodical review, as required.