Information Security Policy

Doing business in our Company* requires a great deal of information processing and exchange, both internally and externally with customers, partners and other interested parties, to whom we help efficiently exploit their business opportunities, by transforming technology potential into business values, throughout our whole business scope, pursuant to our strategic orientation. To maintain the continuity of our business, it is important to take measures for the protection of information assets from all threats – internal and external, intentional and accidental – to the confidentiality, integrity and availability of information. That said, we commit ourselves to:

Invest in keeping information confidential, integral and available to all stakeholders according to their respective business needs. Also, do not allow any unauthorized access and misuse of information and focus on building relations and communication with stakeholders, understanding their needs and expectations related to our context.

Orchestrate our actions and decisions based on the results of periodic risk assessments. Report any and all security issues and incidents to the information security authorities in a timely manner, so as to explore and analyse the causes and mitigate information security risks. Measure our established goals and monitor the effectiveness of protective measures and the whole system to ensure an appropriate level of control and continual improvement.

Analyse and assess information security risks regularly at planned intervals. Test, develop and maintain disaster recovery plans and procedures. Information and systems make available. Organize adequate and timely education and training on information security to maintain awareness and competence among employees and other stakeholders. Name all the applicable security controls and apply them to ensure compliance with the legal, regulatory and contractual requirements, as well as other requirements we choose to follow.

To fulfil our obligations and ensure an adequate level of control and traceability needed to objectively make evident compliance with accepted processes, our policy is to maintain a functional and efficient information security management system implemented, maintained and improved in compliance with the ISO 27001 international standard. The information security management system, including accepted and approved policy with related documents, is published on the Company intranet accessible by all employees. This policy is regularly checked for adequacy to the purpose and context of the Company, and current revision is always available on Internet.

Rev 4, 2019-04-29
Plamenko Barišić, President  of the KING ICT Management Board

* The Company consists of affiliated companies: KING ICT Ltd., Zagreb (with subsidiaries: Service Centre Osijek, Service Centre Rijeka, Service Centre Split); KING ICT Ltd., Beograd; KING ICT Ltd., Sarajevo; KING ICT Ltd., Skopje; Smart Energy Ltd., Zagreb.