Information security policy

INFORMATION SECURITY POLICY

Company Group

PENKI KONTINENTAI

Date of Creation 2024-12-05
Status Approved
Company JSC “PENKI KONTINENTAI”

 

1. GENERAL PROVISIONS

1.1. The confidentiality, integrity, and availability of information are essential for the long-term sustainability of the business, reputation maintenance, and the legal and financial security of the organization. The Information Security Policy (hereinafter – “IS”) (hereinafter – the Policy) establishes the fundamental principles of information security applied across the entire activity of the PENKI KONTINENTAI GROUP OF COMPANIES (hereinafter – the Group).

2. GENERAL DESCRIPTION

2.1. All instructions, procedures, and regulations of the Group related to the storage, processing, and distribution of information within the Group, as well as the transmission of information to third parties, must be developed by:
2.1.1. The legal acts of the European Union and the Republic of Lithuania regulating information security and the processing of personal data, including the General Data Protection Regulation (EU) 2016/679 (hereinafter – “GDPR”);
2.1.2. Methodological guidelines of the State Data Protection Inspectorate and the European Data Protection Board, as well as other legal sources related to the processing and security of information;
2.1.3. Internal company documents.

3. COMPUTER AND SOFTWARE SECURITY

3.1. Acquisition of computer hardware and software should be carried out by approved acquisition procedures and taking into account the requirements for computer hardware and software (including information security).
3.2. Only authorized employees or responsible third parties shall operate the equipment, by the information protection policy, regulations, and procedures.
3.3. All critical systems and their components must be equipped with uninterruptible power supplies (UPS).
3.4. Employees responsible for equipment rental decisions must ensure that services are procured from a reputable company operating according to relevant standards. Service Level Agreements (SLAs) should be established to meet the needs and requirements of the Group.
3.5. Documentation for the equipment must be up-to-date, clear, and accessible to the personnel responsible for maintenance and repair.

4. NETWORKS AND TELECOMMUNICATIONS

4.1. The Group’s network must be designed and configured to ensure the necessary performance and reliability for the Group’s operations, as well as flexible provisioning and restriction of access rights and privileges to network resources.
4.2. The Group’s network must be managed by qualified specialists. New systems may be connected to the Group’s network to ensure reliability, performance, and security.

5. PHYSICAL SECURITY

5.1. Access to maintenance facilities and critical network infrastructure must be restricted to those employees of the Group who have been granted this right by the directive of their immediate supervisor.
5.2. Rooms containing computers and data storage must be protected against physical intrusion, theft, fire, flooding, and other risks.
5.3. Rooms containing computers and data storage must comply with established environmental requirements.

6. BUSINESS CONTINUITY PLAN

6.1. The Group’s management must initiate the development and regular testing of the Group’s business continuity plan.

7. MANAGEMENT OF SECURITY FOR PUBLIC NETWORKS AND ELECTRONIC COMMUNICATION SERVICES

7.1. To ensure the security of public networks and electronic communication services, and to prevent and manage incidents and integrity breaches, the Group implements organizational and technical measures, including:
7.1.1. Security systems have been implemented.
7.1.2. Logical protection of equipment.
7.1.3. Traffic data is processed only by authorized personnel.

8. ENFORCEMENT OF PROVISIONS

8.1. The policies must be regularly reviewed and updated by changes in legislation and the business needs of the Group.
8.2. The head of the Technology Department of JSC “Penkių kontinentų komunikacijų centras” is responsible for changes to the policies and their further development.
8.3. All employees of the Group are required to comply with the policies.