Information Security Policy
NEXTCOM is committed to protecting the information assets of both the Company and its clients from all internal, external, intentional or unintentional threats and to comply with legislative, operational and contractual requirements.
For NEXTCOM SA, Information Security is a top priority in order to:
- Ensure full compliance of the company with the relevant legal and regulatory requirements,
- Protect the interests of the company and of those who deal with it and trust it for the use and handling of their confidential information
- Ensure the availability, integrity and confidentiality of information generated, received and circulated in the context of security projects.
- Maximize the reliability of the company’s information resources.
- Ensure the availability of data, information and communication systems, even in a major security incident by establishing and implementing a business continuity plan.
- Raise awareness and train company employees on information security issues in order to minimize the risk of security incidents.
- Establish systematic audits to assess the implementation, adequacy and effectiveness of the information security system it implements.
- Investigate all security incidents as well as alleged weaknesses by competent personnel.
- Ensure that all NEXTCOM executives are directly responsible for implementing the policy and ensuring compliance by all staff in their areas of responsibility and without deviations, in accordance with the obligations arising from said Policy, in order to avoid possible legal and financial consequences for them and for the company.
NEXTCOM SA operates in the following field of information system application:
DESIGN AND IMPLEMENTATION OF COMMUNICATION SERVICES ADVERTISING CAMPAIGN AND DISPLAY, ADVERTISING, PROMOTION AND PRINT MATERIAL OPERATIONS, CREATIVE SERVICES, MATERIAL COLLECTION AND DOCUMENTATION SERVICES, INTERNET AND WEB PORTAL DEVELOPMENT SERVICES, MULTIMEDIA SOFTWARE AND DIGITALIZATION CONSULTANCY SERVICES, INVESTMENT AND BUSINESS PLANS, EUROPEAN AND NON-EUROPEAN FUNDED AND NON-FUNDED PROGRAMS, SOFTWARE DESIGN AND DEVELOPMENT, STUDIES PREPARATION, MANAGEMENT – IMPLEMENTATION OF EUROPEAN AND NON-EUROPEAN SPONSORED PROJECTS AND ACTIONS, ORGANIZATION OF EXHIBITIONS EVENTS, CONFERENCES AND SEMINARS PLANNING, DESIGN, PROCUREMENT, DEVELOPMENT, TRAINING, COMMISSIONING AND SUPPORT OF INTEGRATED AND UNIFIED IT SOLUTIONS, AS WELL AS THE PROVISION OF NETWORK AND TELECOMMUNICATIONS SERVICES
The implementation of the Information Security Management System (ISMS) by the company aims at the following:
- Protection of the stored file, computing resources and circulating information in the services provided by the company from any threat, internal or external, intentional or accidental.
- Systematic assessment and evaluation of the risks related to the assurance of information, looking forward to their correct and timely management,
- Archiving data, avoiding viruses and external intrusions, controlling access to systems, recording all security incidents and managing unexpected developments,
- Constantly informing the management and staff on information security issues and conducting training seminars for the staff,
- Full commitment of the company’s Management to the faithful implementation and continuous improvement of the Information Security Management System, which complies with the requirements of the ISO 27001:2013 standard.
The Information Security Management Officer is responsible for controlling and monitoring the operation of the ISMS, as well as for informing all involved personnel about the Information Security Policy.
This dynamic system, in order to be achieved, in addition to the necessary technological infrastructure, requires the sincere and active participation of all its human resources, as well. The Management and all employees are committed to the achievement of the company’s goals and to the observance of the principles in relation to Information Security. All personnel involved in the activities and procedures described and related to Information Security undertake the responsibility to apply the policy and the corresponding ISMS Procedures in their area of operation.
The Information Security Policy is reviewed at regular intervals in terms of its continued suitability and it is amended whenever deemed necessary, taking into account the results of the systematic risk assessment of the security of information assets. In order to achieve the above, the Company implements an Information Security Management System according to EN ISO 27001:2013 standard.