Information Security Policy
At CodeTwo we put great importance on the protection of the company’s data, the data of our clients, as well as on the privacy of our employees, partners and clients/users. The security of information and of systems used to process that information is one of the key principles of quality offered by CodeTwo and a condition for the company’s continuous development.
In the changing legal and economic environment, ensuring data security is one of the primary responsibilities of all organizations. To guarantee an efficient and effective information security, it is necessary to establish an appropriate level of security culture and implement well-thought-out technical solutions.
In order to meet this objective and ensure compliance with the law (including the GDPR) and industry standards (including ISO/IEC 27001 and ISO/IEC 27018), we have decided to implement this Policy.
Information security at CodeTwo involves:
- ensuring confidentiality of information – the information is made available only to authorized persons;
- ensuring integrity of information – the information is accurate and complete;
- ensuring availability of information – the information is made accessible and usable upon a request from an authorized entity.
CodeTwo’s objective is to:
- guarantee an adequate level of security for the information, regardless of its form;
- ensure the proper and safe functioning of information processing systems;
- minimize the risks associated with intentional or accidental human activities that may result in negative consequences;
- seize opportunities that can improve the effectiveness of the information security management system;
- ensure that the information is processed and secured in accordance with applicable legal requirements and other obligations;
- ensure readiness for taking action in situations that are critical to the company's security, its interests, and to the information belonging or entrusted to the company.
The C-Level at CodeTwo supports the activities aimed at achieving the above objectives as well as provides the necessary resources and creates conditions for continuous improvement of the staff, work implementation methods, and ways of working with a client. The delivery of the objectives of the Information Security Policy is supported by a maintained and continually improved Information Security Management System (ISMS) that conforms to ISO/IEC 27001 and ISO/IEC 27018, with full involvement of all employees of the company in their work and their participation in activities resulting from the ISMS.