Statement for the Information Security Policy
The scope of information security is to protect the information assets of the firm, of clients and of partners, to ensure the going concern and reduce to a minimum the prejudices inflicted upon the firm by preventing and reducing to a minimum the impact of security incidents.
The Statement for the Information Security Policy is approved by the qualified lawyer and reflects the commitment of BARA A. CIPRIAN – LAW FIRM to the implementation and maintaining of an Information Security Management System by which we should be able to protect information assets of the firm against all threats, whether internal or external, deliberate or accidental. By the compliance with the standard SR ISO CEI 27001:2006, we assure ourselves that:
- the information shall be protected against unauthorized access;
- the confidentiality of the information shall be kept;
- the integrity of the information shall be kept;
- the availability of the information shall be ensured when the lawsuits of the firm imposes this;
- the applicable legislative and regulation requirements are fulfilled;
- the going concern plans shall be drafted, maintained and tested;
- the entire staff shall be trained in regard to information security;
- all real or suspected security incidents shall be reported to and investigated by the Information Security Manager.
Information security procedures have been implemented in order to apply this Security Information Statement.
The requirements of the firm shall be fulfilled in regard to the availability of the information and information systems.
The Information Security Officer (ISO) is directly involved in the fulfillment of the adopted information security policies, the supply of support and guidance for the implementation thereof.
Each employee of the firm is liable to adhere to this information security polity, be familiar with and apply the procedures from the Manual for Information Security Management.
The failure to observe the Information Security Policy shall imply the application of certain disciplinary measures (in case of employees) and the revocation of certain rights of access to the computer and information facilities.
The management undertakes a process of permanent improvement of the System for Information Security Management, the assurance of the resources necessary to fulfill the proposed objectives and the application of the policy on information security.
|Date||BARA A. CIPRIAN – LAW FIRM|
|28.08.2012||Lawyer Ciprian Bara|