Information group security policy. Confidential information

Processing confidential information, including information constituting trade secrets of our organization and a third party, is an important process related to the functioning of our company, affecting the services we offer and the organization of the company.

We believe that ensuring proper, efficient and effective protection of confidential information is possible by building an organizational culture appropriate for this purpose and applying security measures appropriate to the identified threats.

This information security policy regarding personal data, together with the established security standards, constitutes the fulfillment of the obligation indicated in Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and undisclosed business information (trade secrets) against their unlawful acquisition, use and disclosure and the Act of 16 April 1993 on combating unfair competition imposed on Nais as a service provider, contractor and business partner.

Aware of the responsibility for ensuring the security of confidential information and the consequences related to the breach of the security of confidential information processed by Nais, we declare our full readiness and support in the construction of a comprehensive Information Security Management System taking into account the processing of confidential information and supporting all activities aimed at ensuring the appropriate level of protection while taking into account threats.

We undertake to create a comprehensive Management System covering confidential information by:

• monitoring the organization and processes in order to maintain the appropriate level of protection of confidential information and compliance with legal regulations;
• monitoring threats and checking the susceptibility of the applied solutions to identified threats;
• identifying risks related to information security and applying adopted risk management standards;
• continuously improving the competences of employees in the scope related to the security and protection of confidential information;
• creating an organization and implementing procedures, instructions and processes focused on ensuring the security and protection of confidential information;
• designating roles in the processes of processing confidential information and assigning them appropriate tasks and competences;

We oblige all employees to constantly take care of the security of confidential information of all persons, regardless of the form and purpose of processing this data, in particular to apply the principles of this policy and the established information security standards.

Our primary goal is to maintain the confidentiality, availability and integrity of confidential information and to process it in accordance with the adopted principles and legal regulations, and in particular to maintain the highest security standards regarding the implemented processes and IT systems used to process confidential information in such a way that under no circumstances do our interests or the interests of our business partners violate them.