Security policy

For PAY-BACK GROUP, the main objective of information security is to protect the data and information from the technological, physical, logical and organisational structure responsible for their management. This means obtaining and maintaining a secure information management system, within the scope set for ISMS, respecting the following properties:

 1. Confidentiality: ensure that information is accessible only to authorized subjects and/or processes;
2. Integrity: protect the coherence of the information against unauthorized modifications;
3. Disponibility: to ensure that authorized users have access to the information and associated architectural elements when they request it;
4. Control: ensure that data management is always performed using safe and tested processes and tools;
5. Authenticity: ensuring a reliable source of information
6. Confidentialitity: ensure protection and controls of personnal data

Within the framework of the management of the services offered by PAY-BACK GROUP, through its technological infrastructure, the respect of the security levels set up by the WSIS implementation, ensures:

 • the guarantee of having implemented procedures and policies that can ensure high resilience of services and the availability of confidentiality and integrity of information;
• select, when appropriate, reliable partners for the processing of its information assets;
• a high brand image aiming at the safety of the customers;
full compliance with agreements made with customers;
• client’s satisfaction;
• compliance with applicable regulations and international security and privacy standards

For this reason, PAY-BACK GROUP has developed a secured information management system in accordance with the specified requirements of the ISO 27001: 2013 standard and mandatory laws as a means of managing information security in the context of its activities.

Field of application

PAY-BACK GROUP’s information security policy applies to all internal staff and third parties who collaborate in the management of information and to all processes and resources involved in the design, implementation, start-up and ongoing provision within the reception, management and deployment of alarms in its operational centres.

Information security Policy

PAY-BACK GROUP’s security policy represents the organization’s commitment to customers and third parties to ensure the security of information, physical, logical and organizational tools for the processing of information in all activities.

PAY-BACK GROUP’s information security policy is based on the following principles:

a. Ensure that the organization has a perfect knowledge of the information managed and the assessment of its criticality, in order to facilitate the implementation of adequate levels of protection.
b. Ensure secure access to information in order to prevent unauthorized processing or processing without the necessary rights.
c. Ensure that the organization and third parties cooperate in the processing of information by adopting procedures to ensure adequate levels of security.
d. Ensure that the organisation and third parties collaborating in the processing of information are fully aware of security issues.
e. Ensure that anomalies and incidents affecting the company’s information system and security levels are quickly recognized and properly managed through effective prevention, communication and response to minimize the impact on the company.
f. Ensure that the access to the company’s offices and individual premises is restricted to authorized personnel only in order to ensure the security of the areas and present assets.
g. Ensure compliance with legal requirements and fulfilment of security commitments established in contracts with third parties.
h. Ensure the detection of unusual events, accidents and information system vulnerabilities in order to respect the security and availability of services and information..
i. Ensure business continuity and disaster recovery through the application of established security procedures.

The information security policy is formalized in the ISMS, is constantly updated to ensure its continuous improvement and is shared with the organization, third parties and customers, via an intranet system and specific communication channels..

Responsibility for information security policy

Management is responsible for the secure information management system, in line with the changing business and market environment, evaluating all actions to be taken in relation to events such as:

• Significant business developments;
• New threats compared to those considered in the risk analysis activity;
• significant security incidents;
• changes in the regulatory or legislative context concerning the secure processing of information;