Overview
Information is a valuable part of the assets of UAB "Pervesk" (hereinafter the Company); therefore its loss, unauthorized alteration or disclosure, damage, or interruption of information processing may disrupt the Company's operations and cause damage to interested parties. Taking this into account, the Company takes measures to ensure information security.
The purpose of information security management is to ensure appropriate and effective information security management and to prevent disruption of operations and the occurrence of damage due to violations of confidentiality, integrity, and availability of information.
The Information Security Policy is owned by the Information Security Division and is the parent document for related information security policies.
Scope
The Policy applies to:
all Company activity processes and all structural divisions;
all Company Information, regardless of its form and storage method;
all employees of the Company and Third parties who, under legal acts and/or contractual relations, are given access to Company Information or to Information processing tools in order to perform the functions (rights) provided for in legal acts or the contract;
services provided by external service providers.
Roles and Responsibilities
Responsible Party | Roles And Responsibilities |
---|---|
Management Board | Sets the tone from the top by communicating the importance of the Information Security and leads the message across, that all personnel are responsible for Information Security as part of their responsibilities and work. |
CEO | Provides visible support and commitment to Information Security and allocates appropriate resources to implement Information Security Management System. |
CISO | Is responsible for the development and implementation of the Information Security strategy, and for the development, implementation, maintenance, and monitoring of the Information Security Management System. Is responsible for compliance with regulatory requirements. Reports to senior management on the performance of the ISMS. |
Information Security Division | Owns the Information Security Policy. Provides subject matter expertise in Information Security controls across the Company. Provides training and education for Personnel. Investigates, analyses and responds to Information Security Incidents. Carries out Information Security testing and proactive monitoring of security threats and vulnerabilities. |
IT Division | Ensures that the processes for which the Division is responsible are designed in accordance with the Information Security requirements described in the Information Security policies. Ensures timely implementation of corrective actions related to Information Security Management System requirements. |
All Employees | Participate in mandatory Information Security training and complete assigned online Information Security training on time. Adhere to this Policy and to other related Information Security policies and procedures. Report any Information Security incidents to Information Security Division personnel. |
Information Security Management System
The security of the information handled by the Company includes three main aspects:
Confidentiality - protection of information from unauthorized disclosure;
Integrity - protection of information against unauthorized or accidental change;
Availability - ensuring that information is available when it is needed.
The Company's Information Security Management System (hereinafter - ISMS) implements this Policy and defines the main principles of information security assurance and management.
The Company's ISMS requirements are determined in accordance with:
Legal acts of the European Union and the Republic of Lithuania regulating Information Security and personal data processing, including the General Data Protection Regulation (EU) 2016/679 (hereinafter - GDPR);
Methodological instructions of the State Data Protection Inspectorate and the European Data Protection Board and other legal sources related to Information processing and security;
Board of the Bank of Lithuania resolution no. 03-174 "On approval of the description of information and communication technologies and security risk management requirements" (TAR, 2020-11-26, No. 2020-25173) and other information security requirements of Bank of Lithuania;
ISO/IEC 27001:2022 Information security management system requirements;
the Company's ICT strategy;
the Company's objectives defined in the Information and Communication Technology Security Strategy.
The Company undertakes to ensure proper and efficient management of Information Security in order to avoid disruption of operations due to the disclosure of confidential Information, a breach of Information integrity, or unavailability of Information due to its loss or system failure.
Information security is managed through consistent planning, implementation, testing, and continuous improvement of the ISMS.
Any violation of Information Security norms is considered an Information Security incident, which may have a negative impact on the continuity of the Company's activities and cause reputation damage.
Company employees and Third parties who have violated ISMS requirements are subject to measures provided for by the laws of the Republic of Lithuania.
The ISMS consists of the documents specified in Appendix A of this Policy. All of these documents must be approved by the Company CEO.
Final Provisions
The Company reserves the right to change the Policy at any time without prior notice.
In the event that any changes are made, the revised Policy shall be communicated to all employees of the Company.
The Chief Information Security Officer ensures that the employees of the Company are informed about the Policy, carries out appropriate security training, conducts an annual review of the Policy, and initiates its amendment where necessary.
The Policy shall be approved by the Board of the Company.