Information Security Policy

Policy Objectives

  1. To protect the information assets that Servana Managed Services processes, has access to, and to ensure the on-going maintenance of their confidentiality, integrity, and availability.

  2. To ensure controls are implemented that provide protection for information assets and are proportionate to their value and the threats to which they are exposed.

  3. To ensure we comply with all relevant legal, regulatory, contractual, and other third-party requirements relating to information security.

  4. To continually improve our Information Security Management System (ISMS) and its ability to withstand threats that could potentially compromise information security.

Scope

This policy and its sub-policies apply to all people (including contractors), processes, services, technology, and assets within the Servana ISMS scope statement.

Statement of Intent

Servana believes that despite the presence of threats to the security of such information, all security incidents are preventable. We are committed to achieving policy objectives through:

  1. Maintenance of an ISMS that is independently certified as compliant with ISO 27001
  2. Systematic identification of security threats and the application of a risk assessment procedure that will identify and implement appropriate control measures
  3. Regular monitoring of security threats and testing / auditing of control measures effectiveness
  4. Maintenance of a risk treatment plan that is focused on eliminating or reducing security threats
  5. Maintenance and regular testing of a Business Continuity Plan
  6. Clear definition of responsibilities for implementing the ISMS
  7. Provision of appropriate information, instruction, and training so that all employees are aware of their responsibilities and legal duties, and can support the operation of the ISMS
  8. Implementation and maintenance of all ISMS policies and procedures.

The implementation of this policy is fundamental to our success and must be supported by all employees and contractors who have an impact on information security.

The appropriateness and effectiveness of this policy, and the means identified within it, for delivering our commitments will be regularly reviewed by our company Directors. Violations of this policy may be subject to our Disciplinary policies. This policy is publicly available to interested external parties upon request.

looking after the confidentiality, integrity, and availability of your information is integral in everything we do

Sign by agreement of

Tass Skoudros, Managing Director

Date Version Status Signed
September 2020 1.0.0 Approved with agreement of the Managing Director