INFORMATION SECURITY POLICY
The protection of information and its processing systems is of strategic importance for the Lifelong Learning Center (LLC) in order to achieve its short-term and long-term goals and at the same time, to ensure the privacy of the lives of the citizens it serves.
Recognizing the importance of information and information systems in the execution of its operational functions, the Lifelong Learning Center (LLC) implements an Information Security Policy and its aim is:
- To ensure confidentiality, integrity and availability of the information it manages.
- To ensure the proper function of information systems.
- The timely response to incidents that may jeopardize the operational functions of the Lifelong Learning Center (LLC).
- To meet legislative and regulatory requirements.
- The continuous improvement of the level of Information Security.
- Organizational structures that are necessary for the monitoring of issues related to Information Security are defined.
- Technical measures to control and restrict access to information and information systems are defined.
- The way in which information is classified according to its importance and value is determined.
- Necessary information protection actions during the stages of processing, storage and distribution are described.
- The ways of informing and educating the employees and partners of the Lifelong Learning Center (LLC) on issues of Information Security are defined.
- Ways to deal with Information Security incidents are identified.
- The ways in which the safe continuation of the operational functions of the Lifelong Learning Center (LLC) is ensured, in cases of malfunction of information systems or in cases of disasters are described.
The Lifelong Learning Center (LLC) makes assessments of the risks related to Information Security at regular intervals and it takes the necessary measures to address them. It implements a framework in order to evaluate the effectiveness of Information Security procedures through which performance indicators are defined; their measurement methodology is described and periodic reports are produced which are reviewed by the Management in order to improve the system continuously.
The Information Security Officer is responsible for monitoring Information Security policies and procedures and taking the necessary initiatives to eliminate all those factors that could jeopardize the availability, integrity and confidentiality of the Lifelong Learning Center’s information.
All employees of the Lifelong Learning Center and its partners with access to information and information systems of the Lifelong Learning Center, have the responsibility to comply with the rules of the applicable Information Security Policy.
Read the information security policy certifications 27001 and 27701 here and here, respectively.