Information Security Policy
POLICY
on Information Security
Consistently following the company’s strategy for continuous development, improving business processes, maintaining and enhancing the trust of business partners, meeting customer requirements, and taking into account the realities of modern life, VIK EAD Burgas pays special attention to issues related to information security.
The implementation and effective operation of a system for information security, cybersecurity, and confidentiality protection, as well as information security management, in accordance with the requirements of BDS EN ISO/IEC 27001:2023 and its continuous improvement, are the best guarantee for the protection of information resources and assets, managing these assets in a manner that supports corporate strategies, ensuring stakeholder satisfaction and the continuous improvement of the information security policy. In this regard, we set the following objectives, which we define as an obligation for the company’s management and all employees:
-
Strict compliance with applicable legal and regulatory requirements related to information security and achieving compliance with current Bulgarian and European legislation and other requirements in this area;
-
Ensuring the confidentiality, integrity, availability, authenticity, and non-repudiation of managed information, and the controlled protection of information resources, assets, and flows from direct and indirect threats, through an approach based on risk management for information and information assets;
-
Maintaining a highly qualified and motivated workforce to support the information security management system;
-
Ensuring effective cybersecurity measures, including people, processes, and technological solutions, which together reduce the risk of business disruption, financial losses, and reputational damage resulting from an attack;
-
Allocating resources to organizational and technical measures aimed at maintaining, periodically reviewing, and continuously improving the effectiveness of the implemented management system.
To achieve these objectives, the company has established conditions for strict compliance with the requirements of the information security management system and for the active participation of management and executive staff in its development and improvement.
As the EXECUTIVE DIRECTOR of the company, I DECLARE my personal commitment and responsibility to ensure that this policy is understood, communicated, implemented, and maintained at all levels of the company and to all stakeholders. April 1, 2025 EXECUTIVE DIRECTOR: