Pro-M Zrt. accomplished the revision of its IT Security Regulations

Pro-M Zrt. accomplished the revision of its IT Security Regulations

In the frame of the preparation for the successful ISO revision audit completed recently and affecting the Integrated Management System (hereinafter referred to as IMS) of Pro-M Zrt. the company revised its IT Security Regulations (hereinafter referred to as ITSR).

The Integrated Management System guarantees conscious quality policy, commitment to information security and environmental awareness. These targets are achieved through the maintenance and continuous development of the operation according to standards ISO9001:2008, ISO14001:2005 and ISO27001:2005.

The first ITSR was issued in 2006 and the regulations are revised every year. The revision performed in 2010 monitors changes occurred in the area of IT security during the last year, including – among others – the introduced IT security solutions, the tasks identified in the related projects and the developments connected with them, and changes experienced in the professional and statutory environment.

The purpose of the IT Security Regulations is to ensure that the high level information technology, security and information security requirements specified in the Service Contract concluded for EDR (Unified Digital Radio Communications System) are met.

The regulations include the access and authorization rules for the established IT infrastructure; the specifications concerning the use of this infrastructure; requirements for the working of users in the IT environment; trainings connected with the work to be performed and controls verifying compliance with the laid down security rules; and the management of operation, maintenance and development activities.

For achieving the above-mentioned goals the IT Security Regulations comprise also thematic annexes on virus protection, on the use of IT tools as well as on the back-up (saving), archiving and reloading (restoring) of data.

Apart from other topics the annexes give a highlighted and differential discussion of the activities performed by system managers and system administrators, and of issues concerning the security of operations.

In the IT User Manual compiled also as an annex to the ITSR the IT security rules that are essential for the users were laid down, including issues connected with rights, obligations, responsibilities, training, access protection, IT systems, mailing system, Internet usage, protection of data and data carriers, and the principle of ”clear desk, clear screen”.

The revised IT Security Regulations are in harmony with other normative rules such as the Company’s Business Continuity Plan / Disaster Recovery Plan (BCP/DRP) and regulations for the management of personal data. To ensure the successful achievement of the set targets the rules specified in the ITSR are included in the subject matter of training courses that promote security awareness. On the other hand the regular controls stimulate the implementation of given processes according to the specifications.

The measures detailed above ensure the integrity and confidentiality of information describing the work of emergency organizations, support the high standard of services provided to the great satisfaction of customers as specified in the Integrated Management System and promote the commitment to environment aware quality policy.