Tell me about new arrivals

Information Security Policies of IP Aleksandrov O.N. for Publishing in the Internet

The Status of the Document - for public use

1. General Terms and Conditions

IP Aleksandrov O.N. (hereinafter referred to as the “Company”) considers providing information security to be a necessary and obligatory condition of the Company activity. Any violation of information security can cause material damage to the Company, its customers and business partners, lead to serious consequences having a negative impact on the Company’s reputation and partnership, decrease its competitiveness and weaken or lose its position on the market.

   1.1 The purpose of the document

Document “Information Security Policies of IP Aleksandrov O.N. for Publishing in the Internet” (hereinafter referred to as the “Policies”) aims at providing guidelines, principles and regulations upon which the Company creates and manages its information security.

   1.2 The Document Application Areas

This document is issued for publishing on the website of store “Kamuflage.ru”.

   1.3 Who is the Document intended for?

This document is posted on the website of store “Kamuflage.ru” where all Internet users have access to it. The document presents the approaches used by the Company in providing information security.

2. Goals, objectives and principles of providing and managing information security in IP Aleksandrov O.N.

The concept of providing information security implies keeping its confidentiality, integrity and accessibility. The Company provides restriction and distribution of rights of access to confidential information in compliance with conditions of confidentiality on which the information was received by the Company. Only authorized users are entitled to have access to the information.   The Company undertakes to retain all data to the extend it was originally presented. Any amendments and additions to the available information can be made only by authorized and empowered users. The company undertakes to provide access to information in terms of the needed amount to authorized users in accordance with their rights and powers.

Goals of information security policies:

  • To manage the rights of accessibility, accessibility restriction to sensitive information, to retain its integrity and to provide its accessibility to all authorized individuals;
  • To provide authorized users with accessibility to all electronic services of the Company necessary for direct and distance access to sensitive information;
  • To control compliance of present legislation requirements in the information security area, and to comply with the relevant regulations and normative documents valid in the Russian Federation;
  • To control compliance between processes pursuing the goal of providing information security and business requirements of the Company;
  • To ensure credibility and loyalty between customers and the Company’s partners;
  • To set accountability measures for staff members who provide information security of the Company as well as to provide them with an appropriate and sufficient level of awareness.

3. Fundamental principles and approaches in providing information security of the Company.

3.1. The Company recognizes that information is an important asset that must be protected by all staff members irrespective of their positions, duties and responsibilities.

3.2. Access to the information that belongs to the Company is strictly regulated. Access is available only to individuals who use it for performing their job functions, official duties, contract obligations. Access to the information is provided only in a necessary and sufficient amount.

3.3. Any information (information resource) belongs to its owner who delegates authority to certain individuals entitled to have access to the information and who also distributes the rights of access for authorized users. The information owner bears responsibility for functioning of information security measures.

3.4. The Company provides its employees with training on information security.

3.5. The Company does internal auditing of information security.

3.6. The Company experts, who are responsible for information security, control compliance with the requirements and regulations on information security on all levels of the corporate hierarchy.

3.7. Information security measures are implemented following an assessment of existing risks and in compliance with mandatory requirements of Federal Act No. 152 “On Protection of Personal Data” and other legal acts regulating personal data processing in automated and non-automated information systems.

3.8. The estimation of information security risks within the Company is carried out as planned annually or whenever modernization of business processes and organizational changes in the Company structure occur.

3.9. The risk assessment implies specifying the amount of anticipated material damage or damage to the Company’s reputation resulting from implementing measures to address information security threats.

3.10. The cost of information security measures must not exceed the amount of anticipated damage resulting from implementing measures to address information security threats.

3.11. Information security management of the Company is carried out in compliance with international standards ISO 27001.

3.12. Success in the implementation of the present Policy objectives depends on strict compliance of the Company’s internal regulations on information security by all parties of business processes on all levels of the corporate hierarchy.

4. Policy Reconsideration Order

4.1. The Policy can be reconsidered in the event of any significant circumstances that may influence the information security condition of the Company. However, this may occur at least once every three years.



Комментарии