UAB “Pervesk“ Information Security Policy
I. This UAB Pervesk Information Security Policy (hereinafter - the Policy) defines the scope of information security of UAB Pervesk (hereinafter - the Company) and the information security objectives of the Company.
II. The scope of the Company's information security management system includes:
- Provision of electronic payment services to business and private customers;
- Provision of collection services;
- Issuance of means of payment;
- Issuance of payment cards;
- Providing a white label business management platform;
- Know Your Customer and money laundering prevention services;
- Services that are purchased from third parties, and;
- The Company's head office and its branch.
III. The Company undertakes:
- Ensure the confidentiality, integrity and availability of the services provided and all information managed by the Company; to manage the risk properly and have the confidence of stakeholders; to maintain, manage and continuously improve the information security management system in accordance with the requirements of the standard ISO / IEC 27001 (ISO / IEC 27001: 2013) (hereinafter - the Standard).
IV. The Information Security objectives are:
- Continuously improve the effectiveness of the information security management system in implementing Information Security Policy and its objectives;
- Allocate the resources necessary for the proper functioning of the information security management system;
- Ensure effective risk management and the use of appropriate risk management measures to manage the risk to an acceptable level through the annual risk assessment and the implementation of the risk management plan;
- Meet the needs of stakeholders, implement contractual obligations and applicable information security requirements;
- Ensure the competence and awareness raising of employees in the field of information security;
- Ensure the basic security principles of the provided services and all information managed by the Company;
- In the event of a breach of security of the information system, assess the damage caused, limit its consequences and take the necessary measures to eliminate it, ensure measures for business continuity;
- Regularly update the objectives of the information security management system;
- Regularly update the technical means used to ensure information security;
- Carry out regular audits of the Company's information security management system and eliminate discrepancies found during the audit.
V. Final Provisions
- This Policy is approved by the decision of the Board of the Company.
- The Board appoints an information security officer to ensure that the information security management system complies with the requirements of the Standard, to inform the Board about the effectiveness of the information security management system and to acquaint the Company's employees with the Information Security Policy.
- The Policy shall be made available to stakeholders in a form that is accessible and comprehensible to them.
- The Policy is reviewed periodically, at least once a year, and revised as necessary.