Information security management system
As a part of the BULATSA Integrated Management System (IMS), the Information Security Management System, in accordance with the ISO/IEC 27001 standard, aims to ensure:
- application of generally accepted standards and good practices for the needs of the information security at BULATSA;
- a regular review of the methodology, approaches and criteria for defining, analysing, evaluation, impact and acception of the risks for the information security, tailored to the needs of the enterprise;
- implementation and maintenance of the respective technical solutions supporting the monitoring and the control of the compliance with the measures connected with the enhancing the information security at BULATSA;
- maintenance and periodically testing of the plans for continuity of business processes;
- maintenance of a system of rules for reporting, management and investigation of weaknesses and/or incidents connected with the information security;
- maintenance of suitably qualified personnel for the needs of the information security management system;
- identification and compliance with the legal and regulatory requirements connected with the information security;
The information security policy defines the objectives and the general framework of the obligations and actions of the employees regarding the compliance with the legal requirements to the information security, contents the strategic guidelines for evaluation and management of the risk for the information security and commitment for continuous improvement of the information security management system.