The purpose of STM Cyber ​​Sp. z o. o. is:

 

Meeting the needs and expectations of customers in the area of ​​IT security services, protecting collected and processed resources and data.

 

To fulfill this declaration, STM Cyber ​​Sp. z o. o. has implemented an Information Security Management System that meets the requirements of the ISO/IEC 27001 standard and is based on a systematic approach to information security risk management.

 

This Information Security Policy defines the framework and principles for information security management within the Company. They are formulated as follows:

 

1. We are aware of the importance of information processed within the Company and will create conditions to ensure its security, including allocating appropriate financial resources for this purpose.

 

2. We are committed to meeting applicable legal, regulatory, and contractual requirements related to information security, with particular emphasis on personal data protection regulations.​

3. The scope of protection covers all information processed at STM Cyber ​​Sp. z o. o. in any form and at any location of the Company's operations, as well as all means of processing it.

 

4. Every employee and associate is responsible for information security within the Company at their respective job position.

 

5. The Company's Management Board supervises compliance with the Company's approved and applicable information security policies.

 

6. The Information Security Management System is subject to periodic assessment (internal and external audits and management reviews) to continuously confirm its adequacy, effectiveness, and efficiency, and to identify necessary improvement actions.

 

7. The Company's Management Board has established the following information security objectives:

a. increasing the level of knowledge of employees and associates in the field of information security;

b. continuously improving the usefulness, adequacy, and effectiveness of the Information Security Management System;

c. ensuring the continuity of the Company's operations;

 

d. Communicating to employees and associates the legal and disciplinary consequences for information security breaches;

e. Reporting and effectively handling incidents and non-compliances related to information security.

 

8. We learn and draw conclusions from mistakes; we are committed to continuous improvement of the Information Security Management System.

 

9. Detailed principles and procedures for specific areas of information security management within the Company are defined in the relevant regulations, procedures, and instructions related to this Policy.

 

 

This Information Security Policy has been approved by the Management Board of STM Cyber ​​Sp. z o. o. and communicated to employees and associates who are obligated to comply with them.