ISMS and TISAX PolicyJune 22, 2022
ElevenEs doo Subotica is a company whose primary job is battery manufacturing.
The purpose of the implemented Information security management system (ISMS) and Trusted information security assessment exchange (TISAX) is to ensure uninterrupted business, protection of confidential information regardless of its form, development of the organization, as well as raising customer satisfaction with the services provided and the quality of the service itself. The goal of information security is to secure and protect ElevenEs information assets from all internal or external, intentional, or accidental threats, through the establishment, implementation, application, monitoring, review, maintenance, and improvement of ISMS and TISAX as part of an integrated system management.
This policy provides a framework for establishing information security objectives, and guarantees:
- Continuous improvement of business and application of all information solutions,
- Maintaining the confidentiality of information,
- Providing access to information needed for service delivery and performance business activities,
- Prevention of unauthorized access to information, regular protection of data, software and Network infrastructure,
- Preserving the integrity of information through access control and privileges of users who give them approach,
- Restriction of access of suppliers to information that can be considered confidential,
- Continuous professional development and training of employees through training and education,
- Documenting, monitoring, and analysing incidents of all information security breaches,
- Compliance with all applicable legal, regulatory, and contractual obligations.
The management of ElevenEs is committed to the continuous improvement of the information security management system and ensure that this policy is distributed and explained to all employees and stakeholders, implemented, and regularly revised in order to continuously check suitability. The management of ElevenEs will conduct a management review at least once a year to ensure convenience, adequacy, and effectiveness of the policy, as well as other documentation of the information security system.
All employees are required to adhere to the procedures and rules defined in this Policy and other documentation of the information security management system and to contribute their own activities and behaviour of the effectiveness of the system and its constant improvement. Employees also must be aware of their responsibilities in the event of a breach of information security.