Information Security Policy

The present era is often referred to as the “Information Age”. We have witnessed a tremendous shift in the way people produce, store, and exchange information. Moreover, the ways in which we interact with one another have radically changed, not only as individuals but also within and between institutions, societies, and nations. We have gained significant benefits from this new era, which at the same time brings with it profound challenges in the areas of security and privacy, reflected in the development of legislation worldwide regarding information preservation.

The company “Automation System Hellas” (also referred to as “AS Hellas”) has a moral, legal, and professional duty to ensure that the information it holds complies with the principles of confidentiality, integrity, and availability. We must ensure that the information we maintain or are responsible for is protected, where required, from improper disclosure, is accurate, timely, relevant, and is available to those who should have access to it.

To serve the above, “AS Hellas” recognizes the risks that threaten the security of the information generated and exchanged within the framework of its activities and provides all the necessary resources to protect its information.

This policy applies to and will be communicated to all personnel and third parties who interact with the information held by “AS Hellas” and the information systems used for its storage and processing. This includes, but is not limited to, any systems or data connected to “AS Hellas” data or telecommunication networks, systems managed by “AS Hellas”, mobile devices used to connect to 'A's networks or to store “AS Hellas” data, data over which “AS Hellas” holds intellectual property rights, data for which 'A' is the data controller or data processor, and communications sent to or from “AS Hellas”.

The commitment to Information Security and the prevention of incidents that could compromise it is implemented through the following specific steps:

• Protection of the resources and the information exchanged within the services of “AS Hellas” from any threat, whether internal or external, intentional or accidental,
• Systematic assessment and evaluation of risks related to information security, aiming at their proper and timely management,
• Secure procedures for the development and maintenance of applications, systems, and services,
• Data archiving, prevention of viruses and external intrusions, access control to systems, logging of all security incidents, and management of unexpected events,
• Continuous training and awareness of personnel on information security matters,
• Control of the information and data being transmitted and exchanged,
• Protection of the interests of “AS Hellas” and those who do business with and place their trust in it,
• Immediate and effective handling of security incidents and violations,
• Encouragement of internal communication regarding Information Security matters,
• Commitment to the strict implementation of Security Policies and all applicable national and European legislation.

“AS Hellas” is committed to the continuous effort to improve the protection of its information, in order to provide high levels of security to those who do business with it.

In addition, “AS Hellas” has developed and implements Information Security Policies covering issues such as Acceptable Use, Physical Security, Access Control, Remote Access Control, Partner and Supplier Security, Storage Media Management, Malware Protection, Cryptography Usage, and others.

Information security policies are reviewed at least once a year and whenever significant changes occur, in order to ensure their suitability, adequacy, and effectiveness.

Commitment

The following information security principles provide the governance framework for the security and management of AS Hellas's information.

1. Information must be classified according to the appropriate level of confidentiality, integrity, and availability, as well as in accordance with applicable legal, regulatory, and contractual requirements and AS Hellas’s information security policies. Personnel must ensure the proper classification of information, handle such information in accordance with its classification level, and comply with any contractual requirements, policies, procedures, or systems necessary to fulfil these responsibilities.
2. All users covered by the scope of this policy must handle information appropriately and in accordance with its classification level.
3. Information must be secure and available to those with a legitimate need for access, in accordance with its classification level. Therefore, access to information will be based on the principles of “least privilege” and “need to know”.
4. Information will be protected from unauthorized access and processing in accordance with its classification level.
5. Violations of this policy must be reported to the Information Security Officer.
6. Information security provisions and the policies that guide them will be reviewed regularly, including through the use of annual internal audits and penetration testing.

The information security policy of “AS Hellas” provides the framework through which these principles are taken into account. Its primary purpose is to enable all “AS Hellas” personnel to understand both the legal and ethical responsibilities related to information, and to empower them to collect, use, store, and distribute information in appropriate ways.

This policy constitutes the cornerstone of AS Hellas’s ongoing commitment to implementing and maintaining the highest security standards throughout the organization, as well as to strengthening and clarifying our information security processes. It has my full support, and I expect all “AS Hellas” personnel to share this commitment, to read the Information Security Policy, and to comply with it in the performance of their duties.