Information Security System Management Policy at CAR PARK SP. z o. o.

1. Purpose of the Policy

The purpose of the Information Security Management System Policy is to establish principles and procedures for protecting information that is key to the company's operations, in accordance with the ISO/IEC 27001:2023 standard. This policy aims to ensure the confidentiality, integrity, and availability of information processed at CAR PARK SP. z o.o., as well as compliance with applicable laws.

2. Scope of the Policy

The policy covers all information processed at CAR PARK SP. z o.o., regardless of its form (electronic, paper, or oral), as well as all systems, processes, technologies, and individuals with access to this information. The policy applies to all employees, associates, contractors, and third parties cooperating with the company.

3. Management Commitment

The company's management is fully committed to maintaining and continuously improving the Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2023. The CEO ensures appropriate resources and support for information security activities.

4. Information Security Goals

Maintaining confidentiality of information:

  • Protecting information against unauthorized access.
  • Ensuring that only authorized persons have access to information.

Ensuring information integrity:

  • Protection against unauthorized data modifications.
  • Maintaining the accuracy and completeness of information.

Maintaining information availability:

  • Ensuring the availability of information and IT resources when needed.
  • Minimizing the risk of interruptions in access to key systems.

Raising awareness of information security:

  • Regular training and information campaigns for employees.
  • Conducting testing and simulations to increase readiness.

Compliance with legal and regulatory requirements:

  • Monitoring legal provisions regarding data protection.
  • Compliance with guidelines on personal data protection (e.g. GDPR).

Minimizing the risk of security incidents:

  • Quick identification of threats.
  • Appropriate incident response procedures.

Managing risks associated with external suppliers:

  • Evaluation of suppliers in terms of information security.
  • Concluding agreements that clearly define information security responsibilities.

5. Information Security Incident Management

All information security incidents must be immediately reported, analyzed, and appropriately managed in accordance with incident response procedures. CAR PARK SP. z o.o. is committed to minimizing the impact of incidents on its operations and taking corrective actions.

6. Access Management

Access to systems and information is granted based on the principles of "least privilege" and "need to know." Authorizations are regularly reviewed, and access is granted, changed, and revoked in accordance with approved procedures.

7. Training and Awareness Raising

All employees and associates are required to participate in regular information security and cybersecurity training. This training is designed to increase awareness of threats, best practices, and information protection responsibilities.

8. Physical Protection

The Company uses appropriate physical measures to protect its information resources, including access control to buildings and premises, monitoring, and fire protection.

10. Business Continuity Management

The company has implemented a business continuity and disaster recovery plan to ensure the continued operation of key processes in the event of disruptions.

11. Monitoring and Policy Review

This Policy is reviewed regularly, at least once a year, and updated to ensure it remains aligned with current threats, technology and legal requirements.

Dariusz Pałka

President of the Management Board