Information Security Policy

ORFIUM has adopted the Information Security Policy and is committed to the effective implementation and provision of resources for the improvement of the Information Security Management System (ISMS)

  • The Information Security Policy aims to ensure:
    • Continuous protection of information against unauthorized access.
    • The confidentiality of ORFIUM information, clients and partners.
    • The integrity of ORFIUM information, clients and partners.
    • The availability of information and business transactions.
    • Compliance with the legislative and regulatory requirements concerning ORFIUM.
    • The maintenance of an effective Business Continuity Plan.
    • The adequate training of the ORFIUM employees in information security issues.
    • The identification and investigation of potential information security breaches are reported to the Information Security Officer and are thoroughly investigated and dealt with in time and effectively.
  • Appropriate procedures and individual security policies are in place to support the policy, including technical and organizational measures of protection.
  • Compliance with the legislation and requirements of ISO 27001:2022 is ensured and with the ongoing monitoring of the implementation of the ISMS.
  • The Information Security Officer is responsible for maintaining the Information Security Policy and for providing support and advice in its implementation.
  • ORFIUM Top Management is responsible for the implementation of the Information Security Policy as well as for ensuring the compliance of the supervised personnel.
  • Compliance with the Information Security Policy is mandatory for all parties that have been or are cooperating with ORFIUM.
  • Any violations of the Information Security Policy are subject to disciplinary actions. The decision depends on the nature and impact of the violation.