Information Security Management System Policy
At CodeTwo, we attach great importance to information protection, the protection of our clients’ data, and the privacy of our employees, partners and clients. The security of information and the security of systems used to process that information is one of the key elements of the functioning of our company, our services provisioning process, and our continuous development.
We are aware that the implementation of the highest information protection standards is key to ensuring information security. Our information security policy is a consequence of implementing standards resulting from:
- ISO/IEC 27001 Information technology – Security techniques – Information security management systems – Requirements,
- ISO/IEC 27018 Information technology – Security techniques – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors,
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation),
- The California Consumer Privacy Act of 2018 (CCPA) and other U.S. state data privacy laws,
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Our information security policy ensures:
- maintenance and continuous improvement of the Information Security Management System,
- information security and compliance of CodeTwo's activities with the law, in particular the provisions regarding personal data protection,
- continuity of services,
- risk analysis and assessment aimed at minimizing potential threats,
- management of information security incidents.
The implementation of the Information Security Management System Policy in our company relies on full involvement of all employees and the application of principles resulting from the implemented information security management system.
The company's C-level executives oblige employees to comply with the Information Security Management System Policy and provide the necessary resources to implement the requirements of this policy.