The Information Security Policy has the objective of establishing, implementing, maintaining and improving the information security system in RNIDS, and meeting the requirements of ISO/IEC 27001 and all relevant legislation in the area of information security.
The management of RNIDS is mindful of the importance of security of information assets and defines, provides support to, promotes and directly monitors activities and measures which are in accordance with the business objectives and strategy of RNIDS within the defined context, and with applicable laws and good practice in the area of protection of information assets as well as the demands and needs of stakeholders.
The Information Security Policy has the objective of establishing mechanisms to prevent and eliminate circumstances that might give rise to threats to information security. The purpose of the information security and protection policy is to secure and protect the information and assets of RNIDS from all threats, whether internal or external, accidental or deliberate, through the establishment, implementation, administration, supervision, re-evaluation, maintenance and improvement of the information security management system (ISMS).
Implementation of this policy and these rules is vital for the preservation of the integrity and stability of the RNIDS information system in providing uninterrupted services to users of the system. The security and protection policy provides for and guarantees:
- Establishment of monitoring mechanisms for the protection of information and information systems from theft, misuse and/or other forms of malicious activity;
- Establishment of the necessary organisational structure;
- The necessary level of know-how and understanding regarding their responsibilities on the part of persons tasked with managing the RNIDS ICT system;
- The necessary level of know-how and understanding regarding information security on the part of all users of the RNIDS ICT system;
- The administration of requests for confidentiality, integrity and accessibility of data;
- The secure continuation of key RNIDS services in the event of serious incidents;
- The security of personal data;
- The stability and availability of services provided by RNIDS to users;
- Compliance by external service providers with RNIDS information security rules and procedures;
- Compliance with applicable laws and regulations of the Republic of Serbia and internal procedures of RNIDS.
The management, all employees, and those working for RNIDS in the course of implementation of the Information Security Policy will monitor established standards and business needs on an ongoing basis and, as needed, make changes and amendments in accordance with the rate of change or advancement of technologies and legal and other requirements.