Information security management system
As part of BULATSA’s Integrated Management System (IMS), the Information Security Management System, implemented in accordance with ISO/IEC 27001, is designed to ensure:
- Compliance with the regulatory framework in the field of information security;
- Application of internationally recognized standards and best practices in information security;
- Regular review of methodologies, approaches, and criteria for identifying, analyzing, assessing, treating, and accepting information security risks (including those with potential safety implications), aligned with the organization’s needs;
- Implementation and maintenance of technological solutions supporting the monitoring and enforcement of information security measures across BULATSA;
- Maintenance and periodic testing of business continuity plans;
- Establishment of rules and procedures for reporting, managing, and investigating vulnerabilities, events, and/or incidents related to information security, including those with potential impact on operational safety;
- Retention of appropriately qualified personnel to meet the needs of the Information Security Management System;
- A dedicated Network and Information Security Policy, which defines the objectives and overall framework of responsibilities for management and staff in ensuring compliance with regulatory requirements, provides strategic guidelines for assessing and managing information security risks, and confirms the organization’s commitment to the continuous improvement of the Information Security Management System.