Information Security Policy

Introduction

BLUESTREAM SOLUTIONS s.S.A. has an extensive and robust Information Security Program that consists of a vast array of policies, procedures, controls and measures. This Information Security Policy is the foundation of this program.

Policy Statement

Information and physical security is the protection of the information and data that the Company creates, handles and processes, in terms of its confidentiality, integrity and availability, from an ever-growing number and wider variety of threats, both internal and external. Information security is extremely important as an enabling mechanism for information sharing between other parties. The Company are committed to preserving the Information Security of all physical, electronic and intangible information assets across the business, including, but not limited to, all operations and activities. We aim to provide information and physical security to:

• Protect customer, 3rd party and client data

• Preserve the integrity of the Company and our reputation

• Comply with legal, statutory, regulatory and contractual requirements

• Ensure business continuity and minimum disruption

• Minimise and mitigate against business risk

Purpose

The purpose of this document is to provide the Company’s statement of intent on how it provides information security and to reassure all parties involved with the Company that their information is protected and secure from risk at all times. The information the Company manages will be appropriately secured to protect against the consequences of breaches of confidentiality, failures of integrity, or interruptions to the availability of that information.

Scope

This policy applies to all staff within the Company (meaning permanent, fixed term, and temporary staff, any third-party representatives or sub-contractors, agency workers, volunteers, interns and agents engaged with the Company in Greece or overseas). Adherence to this policy is mandatory and non-compliance could lead to disciplinary action.

Objectives

The Company have adopted the below set of principles and objectives to outline and underpin this policy and any associated information security procedures:

  • Information will be protected in line with all our data protection and security policies and the associated regulations and legislation, notably those relating to data protection, human rights and the Freedom of Information Act
  • All information assets will be documented on an Information Asset Register (IAR) by the IT Manager and will be assigned a nominated owner who will be responsible for defining the appropriate uses of the asset and ensuring that appropriate security measures are in place to protect it
  • All information will be classified according to an appropriate level of security and will be made available solely to those who have a legitimate need for access and who are authorised to do so
  • It is the responsibility of all individuals who have been granted access to any personal or confidential information to handle it appropriately in accordance with its classification and the data protection principles
  • Information will be protected against unauthorised access and we will use encryption methods
  • Compliance with this Information Security Policy and associated policies will be enforced and failure to follow either this policy or its associated procedures will result in disciplinary action

The IT Manager has the overall responsibility for the governance and maintenance of this document and its associated procedures and will review this policy at least annually to ensure that it is still fit for purpose and compliant with all legal, statutory and regulatory requirements and rules.