
INFORMATION SECURITY POLICY

Stardat have controls to protect the confidentiality, reliability, and availability of information that is owned by or entrusted to them, including all business and personal information. The intent of this document is to provide assurances to customers, potential customers, and any other interested parties that information in our company's custody is properly protected, and that the protections in place are consistent with appropriate compliance requirements.

Overview

 

Stardat provides software, consulting, and online services. The Board of Directors and management of Stardat are committed to preserving the confidentiality, reliability and availability of all the physical and electronic information assets throughout their organization, in order to maintain legal, regulatory and contractual compliance and to safeguard business integrity and commercial reputation. They are also committed to continually raising awareness of infosecurity considerations at all levels of employees and to enhancing the resiliency of the company's information systems. To achieve this, Stardat have implemented a Group-wide Information Security Management System (ISMS) in accordance with the requirements of the international standard ISO/IEC 27001:2013. The ISMS is subject to continuous systematic review and improvement. In accordance with the ISMS, Stardat demonstrate their commitment to information security by:

 

  • Assigning dedicated personnel and allocating budget to security management.

  • Implementing appropriate security technology and high-availability, recoverable systems and facilities.

  • Continually evaluating and improving procedures related to security.

  • The infosecurity policy principles will rely on a risk management system to identify, control, minimize or prevent the security risks liable to affect the information and information systems. 

  • Adopting and enforcing requisite policies and ensuring that employees are kept aware of the ISMS and their responsibilities towards it via communication and training programmes.

  • Striving to maintain compliance with all applicable legal and industry requirements.

  • Stardat uses security policies and standards to support business objectives within their information systems and processes. These policies and standards are implemented, communicated, and reviewed on a regular basis and reflect the executive management team's commitment to information security.

  • Policies and standards are in place to govern the protection of each company's information assets and any information assets of our customers (and others) that have been entrusted to Stardat.

  • The management considers all company managers and employees full partners in the effort to protect its information and expects them to cooperate in implementing this policy. 

Responsibilities

The following individual employees and company units are responsible for implementing this security policy:

  • An infosecurity steering committee in charge of setting company infosecurity policies and procedures.

  • Chief Information Security Officer (CISO) responsible for the ongoing management of infosecurity issues in the company.

Activity Areas and Infosecurity Rules

In order to meet the management’s infosecurity responsibility and commitment, the following rules have been determined for each of the following activity areas:

  • Logical security is the main protective layer that is closest to the information stored in IT systems. The CISO will determine the level of logical security required for the various components of these systems. An access authorization and control policy will be applied in keeping with employees’ roles and on a need-to-know basis.

  • Physical security will be implemented to prevent actions that could result in exposure, theft, modification or destruction of information, in line with the classification level of the information in question.

  • HR infosecurity principles have been determined in order to reduce the risks related to employee reliability issues, lack of employee awareness or deliberate attempts by employees to compromise the company’s information and information systems.

  • Secure development aspects are integrated in IT system development processes.

  • Purchasing and vendors. Infosecurity aspects of communication and work with third parties and contractors are implemented.

  • Backup. The company has defined processes to ensure the reliability, integrity and availability of information in order to make sure that the various types of information in the company have been identified, and that the backup requirements for each type of information are defined according to information sensitivity.

  • Access control. Rules and principles for providing access to information systems and controlling we access have been determined.

  • Encryption mechanisms have been integrated in company systems in order to protect sensitive information against exposure and modification.

  • Remote access to the company’s network by employees and third parties will be enabled and controlled according to infosecurity guidelines.

  • Mobile devices. The company’s infosecurity principles and guidelines are implemented in order to ensure secure use of laptops and other mobile devices and prevent damage to the integrity, reliability, availability, confidentiality and survivability of information stored on company laptops and other mobile devices.
