INFORMATION SECURITY POLICY

The fundamental principles and basic conditions to protect Data and Systems from threats and breaches, to create a digitally secure work, investment and development environment, are reflected in the Information Security Policy of the GEK TERNA Group.
 
Information Security is an absolute priority and an explicit commitment for GEK TERNA Group.
 
We have adopted a security framework which includes a long list of technical, administrative and organizational protection measures. In compliance with the European Data Protection Regulation (GDPR) monitoring newer regulatory frameworks such as NIS2 and AI Act and based on International Standards such as ISO 27001 and ISO 22301, as well as internationally recognized best practices and advanced technologies, we implement Policies and Procedures that ensure the integrity, confidentiality and availability of our data.
 
The security measures cover both the protection perimeter within the Group and its environment. They include - among others - organization with specialized staff with many years of experience, access management to data and systems, staff training and awareness, as well as assessment of the level of security of our partners and suppliers to manage threats, while in addition there are institutionalized speaking bodies for instant digital transformation and IT security decisions.
 
At the same time, we implement continuous preventive monitoring of information systems and infrastructures and prepare regular resistance tests with the aim of immediately identifying and managing any incident before it turns into a threat. Through the most modern and valid tools and technologies, which are constantly upgraded, we ensure that any attempted breach or malicious activity is detected and dealt with in a timely manner.
 
The "management commitment" that we apply in practice is one of the main factors to ensure the desired result, thus actively supporting the existing security framework, as well as any action to upgrade it, so that we continue to be at the forefront of a continuous digital transformation.
 
The Information Security Policy is accompanied by the following policies, which shape the data and systems security framework:
 
  • Remote Access
  • Classification of Information
  • Acceptable use of IT resources
  • Password management
  • Integration of New IT Applications
  • Access to third parties outside the Group
  • Security logic management
  • Change management
  • Security exceptions
  • Update management
  • Event recording of equipment, applications & networks
  • Backups
  • Proper use of the workplace
  • Security incident management
  • Information security audit & testing