Integrated Management System Information Security Policy
1 Introduction
IKNOWHOW SA recognizes the importance of information security in ensuring the confidentiality, integrity, and availability of information assets entrusted to us by our clients, partners, and employees. This Information Security Policy outlines our commitment to establishing, implementing, and maintaining effective information security practices in accordance with ISO/IEC 27001:2022.
2 Scope
This Information Security Policy applies to all aspects of IKNOWHOW’s operations, including the design, development, customization, implementation, maintenance, and support of information and geographical information systems, as well as consulting services in implementing information systems.
3 Information Security Objectives
3.1 Confidentiality
We are committed to protecting sensitive and confidential information from unauthorized access, disclosure, or misuse through the implementation of access controls, encryption, and other appropriate measures.
3.2 Integrity
We strive to maintain the accuracy, completeness, and reliability of information assets by implementing controls to prevent unauthorized modification, deletion, or corruption.
3.3 Availability
We ensure the availability of information systems and services to support business operations and customer requirements by implementing measures to prevent and mitigate disruptions, including redundancy, backup, and disaster recovery plans.
3.4 Compliance
We are dedicated to complying with all relevant legal, regulatory, and contractual requirements related to information security and privacy, including GDPR, NIS2, ΕΚΒΑ, and other applicable regulations.
3.5 Continuous Improvement
We foster a culture of continuous improvement, innovation, and learning to enhance our information security posture, identify and mitigate emerging threats and vulnerabilities, and adapt to changing business needs and technological advancements.
4 Information Security Responsibilities
4.1 Management
Top management is responsible for establishing, implementing, and maintaining an Integrated Management System (IMS), providing necessary resources, and demonstrating leadership in promoting a culture of security awareness and vigilance.
4.2 Chief Information Security Officer (CISO)
Top management has assigned the role of Chief Information Security Officer to a competent person who is responsible for overseeing the implementation of the IMS, conducting risk assessments, coordinating security activities, and ensuring compliance with ISO/IEC 27001:2022 requirements.
4.3 Employees
All employees are responsible for adhering to information security policies, procedures, and guidelines, reporting security incidents promptly, and actively participating in security awareness training and education programs.
5 Information Security Controls
IKNOWHOW implements a comprehensive set of information security controls to protect information assets from threats and vulnerabilities. These controls include but are not limited to:
- Access Control
- Encryption
- Authentication and Authorization
- Network Security
- Data Backup and Recovery
- Incident Response and Management
- Security Awareness Training
- Vendor Management
6 Compliance
IKNOWHOW is committed to complying with all relevant legal, regulatory, and contractual requirements related to information security and privacy. This includes but is not limited to GDPR, NIS2, ΕΚΒΑ, and other applicable regulations.
7 Training and Awareness
We provide regular training and awareness programs to our employees to enhance their understanding of information security risks, threats, and best practices, and to ensure compliance with information security policies and procedures.
8 Monitoring and Review
We regularly monitor, review, and evaluate our information security controls, practices, and incidents to identify areas for improvement, address emerging threats and vulnerabilities, and ensure ongoing compliance with ISO/IEC 27001:2022 requirements.
9 Policy Review and Updates
This Information Security Policy will be periodically reviewed and updated as necessary to reflect changes in business operations, technology, regulatory requirements, and emerging threats, ensuring its continued suitability and effectiveness.
10 Policy Communication
This Information Security Policy will be communicated to all employees, contractors, vendors, and partners and made available through the company’s intranet or other relevant channels to ensure awareness, understanding, and commitment to its principles and objectives.
11 Document information
| Security Classification: | Public |
| Document Name: | Information Security Policy |
| Document Number: | ISMS-01 |
| Current Version Number: | 2.0 |
| Date: | 19/5/2025 |
| State: | Final |
| Prepared by: | |
| Reviewed by: | |
| Approved by: | |
12 Revision history
| Version | Date | Description | Reviewer |
| 2.0 | 19/5/2025 | Version 2.0 | |
Approval signature
FOTOPOULOU AIKATERINI CEO