Information Security Policy - EKOME

EKOME

Ekome logo icon

Contact Us

iNFORMATION SECURITY POLICY

The Management of the National Centre for Audiovisual Media and Communication, a public limited company (EKOME S.A.) supervised by the Ministry of Digital Governance, recognizing the the necessity of safeguarding the information assets which are in the possession of or under the control of the The company is aware of the need to ensure the security of the information assets in its possession or control, as well as the obligation to comply with the Greek and European legal and regulatory framework. regulatory framework, has adopted the Information Security Policy.
The aim of the Security Policy is to establish a framework of general guidelines and Information Security Policy provides a framework for the implementation of an Information Security Management System (ISMS) in accordance with the requirements of the International Standard ELOT EN ISO 27001:2013, in order to define the way in which the EKOME manages and protects its Information Assets, specifying the role of each stakeholder in the Institution.
The Information Security Management System includes the organizational structure, the documents (policies, processes, procedures, guidelines and forms) and means required for implementation of the Information Security Management.
In this context, the Management of EKOME is committed to:
  • to comply with the requirements and continuously improve the effectiveness of the ISO 27001:2013 Quality Management System,
  • To comply with the regulatory and legislative requirements,
  • To the allocation of the necessary resources in order to ensure the uninterrupted, efficient and efficient and effective operation of the organisation,
  • to establish, monitor and regularly review specific and measurable quality objectives,
  • the continuous information, education and training of staff,
  • to investigate the satisfaction of the recipients of the services provided and to commitment to their full satisfaction,
  • to take appropriate corrective and preventive action to improve to improve the services provided.
The main objectives of the Safety Policy are:
  • Ensuring the confidentiality, integrity and availability of the ensuring the confidentiality, integrity and availability of the information it manages,
  • ensuring the proper functioning of information systems,
  • the timely response to incidents that may jeopardise the the protection of its customers' data,
  • the protection of its customers' data,
  • the management of the disposal of data no longer considered useful or have completed their life cycle,
  • increasing staff awareness of security risks information and information systems, and to keep staff informed of the risks to the security of information and best practices to be followed to minimise the likelihood of their occurrence,
  • meeting legislative and regulatory requirements,
  • continuously improving the level of Information Security.

In addition, the objective of the Information Security Policy is to set restrictions that
access to and use of computers, information technology and other information
systems, networks, electronic communication media and other related information
used for the storage and processing of data, documents and information
software held and used by the institution.

The purpose of the Security Policy is the SECURE, RELIABLE and UNINTERRUPTED provision of services and products to partners, customers and affiliates.
For this purpose:
  • The organisational structures required for monitoring issues are defined The organisational structures shall be established for the monitoring of information security-related issues and the management of the ISMS.
  • The technical measures to control and restrict access to information shall be defined and information systems.
  • The methodology for classifying information according to its classification shall be defined importance and value to the institution.
  • The necessary measures to protect information in the following areas shall be described stages of processing, storage and circulation.
  • he ways of informing and training employees and third parties shall be specified. and third parties working with the Entity, in matters of Information Security.
  • The ways of dealing with Information Security incidents shall be specified.
  • The ways are described in which the continuity of the the continuity of the operational functions of the Entity in cases of malfunction information systems malfunction or in cases of disaster.
In this context, the management shall define specific objectives, which shall be monitored and the achievement of which shall be reviewed at regular intervals, with a view to its continuous harmonisation with the market conditions, technological developments and applicable legislation.
The Information Security Officer (ISO) shall be responsible for controlling and monitoring policies and procedures related to Information Security and to take responsibility for the monitoring and control of Information Security policies and procedures and for the to eliminate all factors that may compromise the availability, integrity and confidentiality of information; and information assets of the Institution.
The EKOME shall ensure that all of its staff, customers and partners are are aware of the General Information Security Policy and that the applicable individual Policies are easily accessible. All those dealing with EKOME should consult the Information Security Policies of the institution for any action they take may affect the security and integrity of the Security Management System Information Security Management System (ISMS) and its Information Systems.