INFORMATION SECURITY POLICY
1. The information security regulations (hereinafter – the Regulations) are the main document of the Girteka group (hereinafter – Girteka) information security management system (hereinafter – the ISMS), which is approved by order of the CEO of Girteka. Parts of the Regulations and the ISMS documents can be made available to parties related to Girteka information in a form that is accessible and understandable to them.
2. The purpose of the Regulations is to present the position of Girteka’s management regarding information security and to protect all verbal, written and electronic information received, sent, created, managed and used by Girteka from all possible threats, whether external, internal, intentional or accidental, which may affect the activities and image of Girteka.
3. In implementing the objective of the ISMS, the following information security goals are pursued:
3.1. To ensure and manage information security, taking into account Girteka’s operational (strategic) goals for transportation, logistics, forwarding and vehicle purchase/sale services;
3.2. To ensure and manage compliance with external and internal information security requirements by performing periodic compliance assessment and eliminating identified deficiencies;
3.3. To ensure the resolution of information security violations and the elimination of their causes by implementing information security incident management;
3.4. To ensure the appropriate selection and implementation of information security and processing measures by performing an annual risk assessment and implementing the Risk Management Plan;
3.5. To ensure the effectiveness of applied information security measures;
3.6. To ensure the adequacy of the Business Continuity Management Plan by periodically reviewing and testing it.
4. Information is a strategically important asset for Girteka’s operations; therefore, its loss, illegal alteration, damage or disclosure, or the termination of information processing, may cause disruptions to Girteka’s operations. Accordingly, the Information Security Policy establishes the basic guidelines that all Girteka employees, contractors and other related parties operating in the fields of transportation, logistics, forwarding and purchasing/selling of vehicles must follow to protect the information of Girteka and its customers.
5. The information security policy applies to all Girteka business processes related to transportation, logistics, forwarding and vehicle purchase/sale services, and includes verbal and written information, information systems, computer networks, physical environment, employees, related parties, partners, contractors, or other persons working at Girteka, including employees working for third parties and those legally processing Girteka information.
6. Information security includes three main aspects:
6.1. confidentiality of information – protection of information from unauthorised disclosure;
6.2. integrity – protection of information from unauthorised or accidental change;
6.3. accessibility – ensuring that information is accessible when it is required for proper performance of Girteka’s activities.
7.1. describe Girteka’s provisions for protection of its own and its customers’ information assets, i.e., confidentiality, integrity and accessibility of any form of information, as well as tangible (computer and communication devices, premises, etc.) and intangible (reputation, image) assets related to it;
7.2. determine the responsibility for information security;
7.3. provide references to the security documents that make up the ISMS.
8. The present Regulations shall be reviewed at least once a year.
9. The implementation of Girteka’s information security requirements is ensured and managed through consistent planning, implementation, evaluation and improvement of the ISMS in accordance with the requirements of the Lithuanian standard LST ISO/IEC 27001:2017.
10. The scope of Girteka ISMS certification includes: transportation, logistics, forwarding and vehicle purchase/sale services.
11. Information security management at Girteka is based on risk management. Information security risk assessment creates the conditions for information security management measures applied in Girteka’s operations to meet the main goals of Girteka’s activities and information security.
12. Girteka’s information security risk is assessed every calendar year according to the approved Information Security Risk Management methodology.