1.The main provisions of the Information Security Policy of UAB InnoForce (hereinafter referred to as the “Information Security Policy”) is a document covering the Information Security Policy of UAB InnoForce and the main aspects of the Information Security Management System (hereinafter referred to as the “ISMS”).
2.The Information Security Policy shall be approved by order of the CEO of InnoForce UAB. Parts of this document may be disseminated to parties concerned with InnoForce UAB information in a form accessible and understandable to them.
3.The purpose of the Information Security Policy is to present the position of the management of UAB InnoForce with regard to information security and to protect all verbal, written and electronic information received, sent, created, managed and used by UAB InnoForce against all possible threats, whether external, internal, intentional or accidental, which may affect the activities and image of UAB InnoForce, as well as to protect the ISMS.
4.The implementation of the ISMS is aimed at the following information security objectives:
4.1. to ensure and manage information security in accordance with the (strategic) objectives of InnoForce UAB;
4.2. to ensure and manage compliance with external and internal information security requirements through periodic compliance assessment and remediation of identified weaknesses;
4.3. ensure the resolution of information security breaches and the elimination of their causes by implementing an information security incident management process;
4.4. ensure the appropriate selection and implementation of information security and processing measures through an annual risk assessment and the implementation of a Risk Management Plan;
4.5. ensure the effectiveness of the information security measures in place;
4.6. ensure the adequacy of Business Continuity Management and Business Continuity Plans through periodic review and testing.
5.Information is a strategic asset for InnoForce UAB and its loss, unauthorized alteration, corruption or interruption of information processing may cause disruption to InnoForce UAB’s operations. In this regard, this Information Security Policy sets out the basic guidelines to be followed by all employees, contractors and related parties of UAB InnoForce in order to protect UAB InnoForce information.
6.The Information Security Policy applies to all of InnoForce LLC’s business processes and covers verbal and written information, information systems, computer networks, physical environments, employees, related parties, contractors, or other persons working for InnoForce LLC, including employees working for third parties who lawfully handle InnoForce LLC information.
7.Information security covers three main aspects:
7.1. confidentiality of information – protection of information from unauthorized disclosure;
7.2. integrity – protection of information against unauthorized or accidental modification;
7.3. availability – ensuring that information is available when it is needed for the proper conduct of InnoForce UAB’s business.
8.Information Security Policy:
8.1. describes InnoForce UAB’s policy for protecting the confidentiality, integrity and availability of its information assets, i.e. hardware, software, premises and information;
8.2. establishes responsibility for the security of information;
8.3. provide references to the security documents that constitute the Information Security Management System (ISMS).
9.The information security policy shall be reviewed at least once a year.
10.The implementation of the information security requirements of UAB InnoForce shall be ensured and managed by consistent planning, implementation, evaluation and improvement of the ISMS in accordance with the requirements of the Lithuanian standard LST ISO/IEC 27001:2013.
11.The scope of InnoForce’s ISMS certification includes: corporate management consulting and technology strategy, IT systems design and architectural solutions, IT innovation, implementation of IT application systems, systems integration and maintenance (support), training of users of installed systems.
12.Information security management at UAB InnoForce is based on risk management. Information security risk assessment enables the information security management measures applied in InnoForce UAB’s activities to meet the main objectives of InnoForce UAB’s activities and information security.
13.UAB InnoForce’s information security risk is assessed annually in accordance with the approved Information Security Risk Assessment Methodology.