SECURITY POLICY

1. Purpose

This Information Security Policy is intended to ensure the Confidentiality, Integrity and Availability of the company's information by protecting assets, infrastructure, systems and human resources from any potential threat.

2. Field of Application

This policy applies to all the company's activities, in all geographical areas in which it operates, and covers:

  • All staff
  • Infrastructure and information systems
  • The services it provides
  • External partners, providers and third parties with accredited access to the company's information resources

3. Management Commitment

The company's management recognizes the importance of information security and is committed to:

  • For full compliance with ISO/IEC 27001:2022
  • To comply with all relevant legislative and regulatory requirements
  • To integrate security into the company's strategic and operational direction
  • For the continuous improvement of the Information Security Management System (SDAP)

4. Definition of Information Security

Information Security means:

  • Confidentiality: Only authorized persons have access to the information
  • Integrity: Information is kept complete and accurate
  • Availability: Information is accessible when required

5. Main Principles of the Policy

5.1 Physical and Logical Safety

The company implements measures to protect:

  • Of the facilities
  • Staff
  • Of the equipment
  • Of the documents
  • Information systems

5.2 Controlled Access

Access is only allowed to authorized personnel. Access control is based on:

  • In the role of the user
  • The need to access specific resources
  • In the company's security policy

5.3 Dealing with Risks

Risk assessment and management includes:

  • Analyze the shipment of each item
  • Identifying weaknesses and threats
  • Risk quantification and assessment
  • Selection of appropriate protective measures

5.4 Infrastructure and Software Security

The protection of the corporate network is achieved through:

  • Centrally managed protection systems
  • Automatic and regular malware updates
  • Coverage of:
    • Servers
    • Workstations
    • Remote Computing
    • Email servers

5.5 Education and Awareness

The Departments and Development managers take care of:

  • For the information and training of staff
  • To comply with the use of corporate resources
  • To spread a culture of safety

5.6 System Supplies & Extensions

All new procurements or system upgrades include:

  • Risk assessment
  • Integration of safety requirements
  • Technical and operational documentation

5.7 Business Continuity

The company has:

  • Approved Business Continuity Plan
  • Proven recovery processes
  • Continuous maintenance and updating of the plan

6. Approval and Date of Implementation

  • Policy approved by the SPARTAN Management.
  • Date of last revision: 31.01.2024
  • Next scheduled review: 27.12.2026
  • Version number: 3.0.

The policy comes into force from the above date and is mandatory for all employees, partners and third parties involved in the management of personal data.

Contact
40, Ag. Anargiron street Koropi, 194 00
17 D. Sechou & Antimachidou street, Athens, 117 43
info@spartan.gr
210 92 32 437

ΓΕΜΗ: 86872902000

facebook instagram twitter youtube linkedin tik-tok
Informations

Terms Of Use

Security Policy
Privacy Policy
Business Continuity Policy
Anti-Bribery Policy
Spartan Health and Safety Policy
Quality Policy
Environment Policy
Road Safety Policy

Code Of Conduct For Suppliers
Code Of Professional Conduct For Employees

Frequent questions

Sign up to receive Spartan news first
 
espa-banner
great-place-to-work-certified
e banner EL