Solwit’s Management Board is authorized to represent the company and to make decisions about the purposes and means of data processing in the organization. The Management Board ensures that the data processing at Solwit complies with the applicable legal provisions, in particular the provisions on the protection of personal data. Solwit’s Management Board is willing to constantly adapt the management process, information processing and quality of services provided to the level determined by recognized norms and standards, such as: PN-ISO/IEC 27001:2017-06, PN-ISO/IEC 27002:2017-06, PN-ISO/IEC 27005:2014-01, PN-ISO 31000:2018.
Aiming to create an information security management system that would guarantee the protection of data processed by Solwit and the security of information relevant to the implementation of the company’s strategic goals, as well as information that requires protection for other reasons, the Solwit Board introduces the Information Security Policy. The Policy establishes the basis for creating and improving the information security management system and sets general rules of conduct for all Solwit employees. At the same time, the Solwit Board declares that these principles will be applied to third parties.
Confidential Information at Solwit is all data and records relating to the Solwit company and all partner and client data, owned by Solwit, for collaborative projects that have been marked as confidential. Data that is under special protection is understood to be:
DEFINITION OF SECURITY
Solwit Information Security is understood to be:
Solwit management has implemented specific measures to ensure the security of information in the company. In addition, for the security policy, these terms have been defined:
RULES OF CONDUCT
Due to the nature of the company, Solwit places special emphasis on the confidentiality of data in computer systems and information technology. The Information Security Policy defines specific regulations regarding the handling of data in these systems and the regulations relating to access to data. Presented below are examples of rules of conduct.
ACCESS TO CONFIDENTIAL DATA
Access to confidential data (successful or unsuccessful) on the servers is recorded.
If the PC station is a portable computer (laptop) it must be additionally secured (for example, using hard disk encryption – FDE).
Access to confidential data outside the company is only done using an encrypted channel (for example, VPN, access to e-mail via an encrypted protocol).
SECURITY OF DATA AND DATA CARRIERS
The company provides cyclical education of employees (full-time and contractors), in particular, in the field of information security.
Each new employee undergoes training in the safety procedures of the company.
Staff, depending on their position, participate in training on data protection, awareness of safety issues, and specific aspects of security.
Staff executing tasks for a Client are required to complete training that is required by the Client.
Cyclical verification of the company security level and employee knowledge about safety policies.
INTERNAL CONTROL SYSTEM
The Internal Control System (ICS) defines the rules for dealing with strategic goods within international trade. The term ICS defines the procedures for dealing with strategic goods that meet the requirements of international and national regulations and ensures proper supervision of goods requiring special care. This applies to HVI (High Value Inventory) goods, such as hardware and software, whose value is high due to the innovative solutions and technical know-how they contain.
Rules of Conduct
COMPLIANCE WITH REGULATIONS
Solwit Internal Control System complies with the following national and international rules and regulations: