INFORMATION SECURITY POLICY
LLC «NOVA IT» is a company operating in the field of IT, including through the provision of engineering services for the development, implementation, support and development of software.
The implementation of these activities is related to the management of information which is one of the key assets of the Company.
The information security policy of the Company sets goals and objectives in the field of information security, which guide the Company in its activities.
As part of the overall management development, the Company implements the information security management system (hereinafter — “ISMS”) which complies with the international standard ISO/IEC 27001: 2013, requirements of the legislation of Ukraine, regulatory and contractual obligations of the Company in terms of information security.
In accordance with established procedures in the field of risk management, we carry out regular assessment of information security risks. It takes into account the probability of threats to information security and the degree of their impact on business processes, financial condition and business reputation of the Company.
The Company strives to identify, take into account and respond to information security incidents in accordance with established procedures.
The Company establishes protecting procedures for information systems from the consequences of significant failures or emergencies, ISMS performance monitoring.
The employees of the Company have access only to the information that is required for the performance of their functional duties.
In providing access to the information systems the Company is committed to the principle: “Everything that is not explicitly permitted is prohibited.”
The Company’s management carries out general management of information security and provides the necessary conditions for its development and comprehensive improvement.
The labor contracts and job descriptions of the Company’s employees establish liability for the safety of official documents and confidentiality of information that has become known by virtue of the performance of functional duties.
The management of the Company declares its approval of this Policy, which is announced, distributed, implemented and maintained at all levels of the Company.
The Company’s information security policy is a public document that can be made available to all interested parties and posted on the Company’s public resource.