Information Security Policy
Code: P.ISMS.05.01
Version: 1st
Date: 13/10/2024
Confidentiality: Unclassified
Contents
- Purpose
- Reference Documents
- Commitment
- Scope of Activity
- Basic Terminology
- Objectives and Measurement
- Main Principles
- Responsibilities
- Document and Record Management
Purpose
- Definition of the purpose, direction, principles, and basic rules for information security management at VAKTRO ABEE.
- Applies to the entire Information Security Management System (ISMS).
- Applies to all employees and related external interested parties.
Reference Documents
- ISO/IEC 27001, Clause 4 and A.5
- SOA - Statement of Applicability
- F.POL-A.03 Threat Intelligence Strategic List 2026
- F.POL-A.12 Legal, Regulatory, Contractual and Other Requirements Register
Commitment
The management of VAKTRO ABEE is committed to the effective protection, preservation, and security of the information managed by the company in accordance with ISO 27001:2022 and ISO 22301:2019 principles.
Scope of Activity
Trading, distribution, installation, and technical support of medical technology equipment, information systems, analyzer interfacing and related accessories, as well as trading and distribution of IVD reagents and consumables.
Basic Terminology
- Confidentiality
- Integrity
- Availability
- Information Security
- Information Security Management System
Objectives and Measurement
- Improvement of customer image and reduction of damage from potential incidents.
- Alignment with strategy and corporate objectives.
- Annual review, measurement, analysis, and reporting of results to management.
Main Principles
- Regular risk assessment.
- Access restriction based on need and responsibility.
- Personnel training and awareness.
- Updating systems with the latest security updates.
- Monitoring the effectiveness of security measures.
Responsibilities
Implementation of this policy is the obligation of every member of VAKTRO ABEE. The DPO/ISMS officer coordinates the operational ISMS activities and top management performs at least an annual review.
Document and Record Management
- F.07.05 Controlled Documents and Records Register
- F.04.01 Operational Framework
- F.04.02 Operational Framework: Interested Parties
- F.04.03 Certification Scope
- F.A.05.02 Organizational Chart
- F.06.01 Risk Assessment
- PR.ISMS.09 System Review
Athens, Stavros Angelopoulos
Management of VAKTRO ABEE