Information Security Policy
The Information Security Project in Balkan Lloyd is underpinned by our corporate Information Security Policy, which is considered as high policy for the security of information and information systems in Balkan Lloyd that ensures that information security is an integral part of Balkan Lloyd’s business. The policy outlines our management’s direction and commitment to information security, sets objectives and principles for information security, and defines Balkan Lloyd’s approach to managing information security in accordance with business requirements and relevant laws and regulations. The Information Security Policy applies to all Balkan Lloyd’s offices, covers all types of information and information systems, and compliance with it is mandatory.
Main Information Security Objectives and Principles
In its approach to information security Balkan Lloyd strives to support the corporate strategy and values as well as to ensure that appropriate safeguards are in place to preserve the confidentiality, integrity and availability of information. This enables Balkan Lloyd to maintain its information in a secure manner, reduce the risk and potential impact of disruptive events, support business continuity, comply with laws and regulations as well as to ensure that our customers’ information is treated with utmost care and confidentiality.
As such, our core principles are as follows:
- Effective governance with clear organization and well-defined roles and responsibilities is key to maintaining information security throughout all levels of the organisation. We have dedicated resources to information security for both overall governance and day-to-day operational management of information security.
- A risk-based approach to information security across the organization. We work towards continuous identification, assessment and mitigation of information risks across the organisation, implement prevention technologies and perform proactive monitoring of threats.
- Implementation of technical, procedural and organizational information security controls in alignment with best practices and standardization of the information security setup across the technical infrastructure.
- Resilience of our processing facilities and technical infrastructure to ensure availability of information systems.
- Collaboration with external information security partners to ensure that our security measures stay up to date and protect us from rapidly evolving cyber threats.
- Daily monitoring is performed for security to detect and respond to any type of security event on our systems and contain it before it escalates into a serious security incident.
- Clear business continuity and disaster recovery processes to minimise impact in case of a security breach.
- Continuous improvement of our information security capabilities across the entire spectrum.
Employee Awareness and Acceptable Use Policies
Our employees are our first line of defence for protecting Balkan Lloyd from potential information security threats and breaches. Therefore, we are running a our information security awareness project to foster a culture of information security and support correct security behavior among employees. The project is aimed at all employees in the company. Our goal is therefore to make it accessible, understandable and engaging to all employees regardless of their work area. To do this, we create regular memos, letters and hold competitions, organise simulated phishing exercises, write iintranet news articles as well as conduct mandatory e-learning covering various aspects of information security. Additionally, we have created and published an Acceptable Use Policy for our employees to ensure that they are aware of their responsibility when it comes to using and protecting the information of Balkan Lloyd and its customers.
We strive to communicate openly and transparently to our customers when it comes to information security. In Balkan Lloyd we have an internal IT compliance project driven by IT Compliance rules which provides IT assurance through offices, devices on a risk-based approach. Furthermore, we have engaged with our external data cloud and wed services providers to validate that we deliver on our information security promises to our customers. The assurance report/software updates is maintained on regular basis.