For PAY-BACK GROUP, the main objective of information security is to protect the data and information of the technological, physical, logical and organizational structure responsible for their management. This means obtaining and maintaining a secure information management system, within the scope defined for the ISMS, that respects the following properties:
1. Confidentiality: ensure that information is only accessible to duly authorized subjects and/or processes;
2. Integrity: protect the consistency of information against unauthorized modification;
3. Availability: ensure that authorized users have access to information and associated architectural elements when requested;
4. Control: ensure that data management is always carried out through safe and tested processes and tools;
5. Authenticity: ensure a reliable source of information;
6. Confidentiality: guarantee the protection and control of personal data.
As part of the management of the services offered by PAY-BACK GROUP through its technological infrastructure, compliance with the security levels established by the implementation of the ISMS ensures:
• named procedures and policies that can ensure high resiliency of services and the availability, confidentiality and integrity of information;
• the selection, where applicable, of reliable partners for the processing of its information assets;
• a high brand image aimed at customer safety;
• full compliance with agreements concluded with customers;
• client satisfaction;
• compliance with current regulations and international security and confidentiality standards.
For this reason, PAY-BACK GROUP has developed a secure information management system following the specified requirements of ISO 27001:2013 and mandatory laws as a means of managing information security in the context of its activities.
Scope of application
PAY-BACK GROUP’s information security policy applies to all internal staff and third parties who collaborate in information management, and to all processes and resources involved in the design, implementation, start-up, maintenance and continuous supply within the reception, management and deployment of alarms from its operational centers.
Information security policy
PAY-BACK GROUP’s security policy represents the organization’s commitment to customers and third parties to ensure the security of information and of the physical, logical and organizational tools for processing information in all activities.
PAY-BACK GROUP’s information security policy is based on the following principles:
a. Guarantee the organization a perfect knowledge of the information managed and the evaluation of its criticality, in order to facilitate the implementation of adequate levels of protection.
b. Ensure secure access to information, in order to prevent unauthorized processing or processing carried out without the necessary rights.
c. Ensure that the organization and third parties collaborate in processing information by adopting procedures to maintain adequate levels of security.
d. Make sure that the organization and the collaborating third parties who handle information are fully aware of security concerns.
e. Ensure that anomalies and incidents affecting the information system and the company’s security levels are quickly recognized and properly managed through effective prevention, communication and reaction systems in order to minimize the impact on the company.
f. Ensure that access to offices and individual company premises is reserved exclusively for authorized personnel, to ensure the security of areas and assets present.
g. Ensure compliance with legal requirements and compliance with security commitments established in contracts with third parties.
h. Ensure the detection of abnormal events, accidents and vulnerabilities of information systems in order to respect the security and availability of services and information.
i. Ensure business continuity and disaster recovery through the application of established security procedures.
The information security policy is formalized in the ISMS, is constantly updated to ensure its continuous improvement and is shared with the organization, third parties and customers, via an intranet system and specific communication channels.
Responsibility for information security policy
Management is responsible for the secure information management system, in line with the changing business and market context, evaluating all actions to be taken in relation to events such as:
• important business developments;
• new threats compared to those considered in the risk analysis activity;
• significant security incidents;
• changes in the regulatory or legislative context concerning the secure processing of information.