Policy on Information Security

POL.06 – Policy on Information Security
Classification: SOCWISE Public

As a Managed Security Service Provider our company’s mission is to deliver early detection and rapid response
capability through managed Security Operations Centre (SOC) service for our customers therefore minimizing
the business impact of a cyber security incidents. Due to the nature of our service customers have to transmit
or share in other ways their data for the provision of the service. It is our contractual and moral obligation to
provide appropriate protection for customer data, which complies with the requirements of the contracts
and the state-of-the-art technology. Establishing and maintaining information security is an element of our
success and through that we want to
• gain the trust of our customers and contribute to their success,
• ensure our resilient and stable operation,
• protect and strengthen our reputation,
• develop and maintain a security aware organizational culture and
• set an example for other actors as well.
Based on previous facts we are convinced that information created, processed, and used are valuable assets
and the damage or loss of these assets could severely impact our customers and our operations, violate laws
and contracts, and negatively affect the company. Our important goal is to implement and operate an
Information Security Management System (ISMS) based on ISO 27001:2013 International Standard.
As a SOCWISE Executive Management we are demonstrating our leadership and commitment by approving
the ISMS Policy, providing resources and signing this commitment to achieve the goals of the ISMS by taking
accountability for the effectiveness of ISMS and ensuring the followings:
• information security is supported through clear directions, and ISMS Policy as well as information
security objectives in line with SOCWISE mission and strategic directions,
• ISMS requirements and controls are integrated into our business processes and decision making as
appropriate,
• adequate financial and human resources are provided for the implementation and the operation of
ISMS,
• we communicate clearly on the importance of effective information security management and
conforming to the ISMS requirements,
• our ISMS achieve its intended results,
• all staff are encouraged to contribute to the effectiveness of the management system,
• continual improvement is actively driven and promoted,
• our information security policies, objectives and targets are, where appropriate, reflected in
requirements, individual responsibilities and operational responsibilities are delegated.

Author: Tamás Tóth Version: 1.0
Approved and reviewed by: Balázs IMRE, Péter Sajó Last modified date: 2021.07.07