Information security
- Information security policy (hereinafter – Policy) is the main document of UAB Exacaster (hereinafter – Exacaster) information security management system (hereinafter – ISMS). ISMS documents and/or separate parts of it can be provided to parties related to Exacaster information for access.
- The purpose of the policy is to present the position of Exacaster management to information security and to protect all verbal, written, and electronic information received, sent, created, managed, and used by Exacaster from all possible threats: external, internal, intentional or accidental, which may affect the activities and reputation of Exacaster.
- To implement ISMS objectives, the following information security goals are set:
3.1. To ensure and manage information security, taking into account Exacaster strategic goals for IT infrastructure support and management; Cloud services management; Big data platform support and management; Data quality assurance and data exchange processes support and management;
3.2. To ensure and manage compliance with external and internal information security requirements by performing periodic compliance assessments and eliminating identified disadvantages;
3.3. To ensure the resolution of information security violations and the elimination of their reasons, implementing information security incident management
3.4. To ensure the appropriate selection and implementation of information security and processing measures, performing an annual risk assessment and implementing the Risk management plan;
3.5. To ensure the effectiveness of applied information security measures;
3.6. To ensure the adequacy of the Business Continuity Management Plan by periodically reviewing and testing it.
- Information is a strategically important asset for Exacaster operations; therefore, its loss, illegal alteration, damage, disclosure, or termination of information processing may cause disruptions to Exacaster operations. Due to that, this Information security management policy establishes the basic guidelines that all Exacaster employees, contractors, and other related parties doing business with Exacaster.
- The information security management policy applies to all Exacaster business processes related to big data and its management services, and includes verbal and written information, information systems, computer networks, physical environment, employees, related parties, partners, contractors, or other persons working at Exacaster, including employees working for third parties and those legally processing Exacaster information.
- Information security includes three main aspects:
6.1. information confidentiality – protection of information from unauthorised disclosure;
6.2. information integrity – protection of information from unauthorised or accidental change;
6.3. information accessibility – ensuring that information is accessible when it is required for the proper performance of Exacaster activities.
- Regulations:
7.1. describe Exacaster provisions for the protection of its own and its clients’ information assets, i.e., confidentiality, integrity, and accessibility of any form of information, as well as tangible (computer and communication devices, premises, etc.) and intangible (reputation, image) assets related to it;
7.2. determine the responsibility for information security;
7.3. provide references to the security documents that make up the information security management system.
- The ISMS documents must be reviewed at least once a year.
- The implementation of Exacaster information security requirements is ensured and managed through consistent planning, implementation, evaluation, and improvement of the ISMS in accordance with the requirements of the Lithuanian standard LST ISO/IEC 27001:2017.
- The scope of Exacaster ISMS certification includes: IT infrastructure support and management; Cloud services management; Big data platform support and management; Data quality assurance, and data exchange processes support and management.
- Information security management at Exacaster is based on risk management. Information security risk assessment creates the conditions for information security management measures applied in Exacaster business to meet the main goals of Exacaster activities and information security.
12. Exacaster information security risks are assessed every calendar year according to the approved Risk assessment policy.