Security policy

The leader of detective solutions
in business trading

Complementary and functional security policy

The security policy is a set of rules and procedures, instructions, according to which the organization manages safety and protects its resources, including people, movable and immovable property, critical infrastructure, IT resources, confidential business information, know-how, etc.

It defines which resources can be protected, and by using of what means. This includes identification of potential types of security, scenarios of proceedings to avoid a repeat of the incident. It defines the correct and incorrect use of resources in the organization. It is important that the document is WRITTEN DOWN and known and understood by the employees. This also applies to all Customers of the organization who are users of these resources.

Therefore, based on the recommended models and standards in this field, we tailor solutions to the needs and specifity of the organization to give it the characteristics of reality and complementarity allowing for applying the provisions adopted in the practice taking into consideration the economic aspects of functioning of the organization.

Service proposed by us in the scope of development and implementation of Security Policy concerns the following issues: what is protected and how to protect critical resourcesmodel and safety scenarios, access control, authorization levels, mechanisms for identifying and ensuring the physical and system authenticity, events tracking.

Complementary Security Policy may cover following areas of the organization's activity:

  • Security and protection of the management of the company
  • Security and protection of key persons in the organization
  • Personal security, including the processes of recruitment and verification of employees
  • Security and protection of key Customers
  • Security and protection of key processes and resources
  • Tele-information security
  • Safety of personal data
  • Safety of confidential business information
  • Protection of classified information
  • Physical protection and technical security measures

Security policy of information

Security policy of information, except for manual of managing the ICT system, is one of the two documents, which each administrator of personal data must have.

 

The content of security policy is imposed by the Regulation of the Minister of the Interior and Administration on personal data processing documentation and technical and organizational conditions which should be fulfilled by devices and computer systems used for personal data processing. Obligation of having a policy results from art. 36 of the Act on the protection of personal data and is independent of the fact of registration of personal data file.

Remember that the Security Policy is your internal and confidential document. As a part of the services for the protection of information we carry out security audits of ICT systems and Internet portals (websites belonging to the Customer).

We increase the efficiency and ICT security by:

  • verifying usage of the Internet by employees (visited websites, amount of downloaded data, time spent using the Internet for non work-related purposes),
  • implementing business process management systems,
  • implementing systems controlling the flow of confidential data and systems protecting against data loss,
  • we draw up and implement Business Continuity Plan,
  • we inspect mechanisms and safety procedures.
  • We draw up, implement and audit Business Continuity Plans:
  • Information Security Management Systems compliant with the PN-ISO/ IEC 27001 standard
  • Quality Management Systems compliant with the PN-ISO/IEC 9001 standard.

BSA Śledztwa i Audyty Gospodarcze Sp. z o.o. Sp. k.
Spektrum Tower, 18 Twarda Street, floor 21., 00-105 Warsaw

In connection with the amendment to the provisions of the Act on detective services (link: http://prawo.sejm.gov.pl/isap.nsf/download.xsp/WDU20170000556/O/D20170556.pdf) and the information obligation arising from the aforementioned Act and the GDPR (link https://www.giodo.gov.pl/pl/569/9276), hereby we inform that pursuant to art. 28c. of the Act on detective services for processing personal data collected in the course of performing the activities referred to in art. 2 clause 1, the provisions of art. 13 section 1 and 2 and art. 15 paragraph 1 lit. a, c and g of regulation of the European Parliament and of the Council (EU) 2016/679 dated 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general regulation on data protection) (Official Journal of the EU L 119 of 04/05/2016, page 1, as amended) are not applied.

© 2013 – 2020 Business Security Agency. ALL RIGHTS RESERVED