Information security policy
Disclaimer: this is an extract of the Prograils Information Security Policy.
Want to read the full version? Drop us a line, we will share it with you.
Prograils implemented the Information Security Management System (ISMS) to ensure the highest information security standards in our organization. We keep them through such activities as source code and developed components protection, as well as protection of data entrusted by our clients.
The ISMS is based on requirements of the ISO/IEC 27001 norm. We achieve the goals set in the norm through:
- personal engagement of our team in the maintenance of information security,
- modern technologies in our projects,
- spreading security knowledge among our team,
- compliance with the law,
- risk management,
- protection of assets by security measures based on risk analysis,
- constant improvement of implemented standards.
This policy applies to all the employees and contractors, as well as to any other person given access to information processed at Prograils.
The ISMS includes the following domains of our activity:
- building and development of IT systems,
- designing, building and development of web and mobile applications,
The ISMS was designed with regard to our approach towards processes and organizational culture.
Roles and responsibilities
Maciej Litwiniuk, Prograils’ CEO. In charge of documentation, maintenance and improvement of the ISMS. He also supervises the implementation of approved standards and coordinates internal audits.
Marta Wojciechowicz, Prograils’ COO. Responsible for the ISMS-related policies and processes, running security incidents register and internal audits..
Appointed by the management at Prograils, they run internal audits, recommend corrective actions and verify their implementation.
Employees and contractors
Bound by the rules of information security, they are obliged to report any incidents and improve the ISMS on a daily basis.
Monitoring, measurements, analysis and assessment
At Prograils: - we run internal audits that verify the state of security measures, - we control the course of security rules observance, - we conduct risk forecasts and analysis to apply relevant proceeding plans later on.
We review and update the ISMS documentation, which is subject to Admin’s approval. The complete list of processes and documents that constitute the documentation is featured in the full version of the Information Security Policy.
Relationships with suppliers / 3rd parties
We require signing non-disclosure agreements (NDAs) from all suppliers / 3rd parties who process our personal data and/or personal data belonging to our clients.
The Information Security Policy is an internal document and may be shared with clients.
Still want more details? Contact us for the full version of the Information Security Policy.