Information Security Policy
1 Purpose
The purpose of this policy is to establish the basic principles that ensure the security of all Organization information.
2 Scope
This policy applies to all information systems and affects all employees and all third parties. Any exception to this Security Policy must be documented and approved by the Organization's Management.
3 Change and Revision Management
The Information Security Manager is responsible for the content and review of this policy. The Information Security Manager reviews this policy at least once a year; whenever it is updated, changed or enriched, a new version is issued, and in any case the review is reported in the annual Management Review, to document that the policy remains fully compatible with the objectives and needs of the Organization. This Policy may also be revised when required by external factors, such as security breach incidents.
4 Compliance with This Policy
The Organization's management is responsible for implementing this policy and for ensuring that all employees are aware of it and accept it. All personnel must implement this Policy, and all third parties must comply with it. Violation or non-implementation of this policy may lead to a breach of confidentiality, integrity or availability, which could be disastrous for the Organization. All violations of this policy must be reported to the Organization's management so that the necessary measures can be taken.
5 Detailed Description
The primary purpose of the Organization is:
- Ensuring the confidentiality, integrity and availability of the information it manages.
- Ensuring the proper functioning of information systems.
- The timely response to incidents that may endanger the Organization's operations.
- Meeting legal and regulatory requirements.
- Continuous improvement of the level of Information Security.
For this purpose, the Organization:
- Defines the organizational structures necessary for monitoring issues related to Information Security.
- Defines the technical measures to control and restrict access to information and information systems.
- Determines how information is classified according to its importance and value.
- Describes the actions necessary to protect information during processing, storage and transmission.
- Determines the methods of informing and training the Organization's employees and associates on Information Security issues.
- Determines the ways in which Information Security incidents are handled.
- Describes the ways in which the safe continuity of the Organization's operations is ensured in the event of information system malfunction or disaster.
Additionally:
- This Information Security Policy constitutes the main reference point in the implementation of the Organization's Information Security Management System (hereinafter: ISMS), within the framework of ISO 27001:2022.
- All ISMS Processes refer to it (directly or indirectly).
- In any case, all third parties operating on behalf of the Organization (e.g. technicians) or operating within the Organization performing work on its behalf, are informed of the security policy and how it is implemented.
- This Policy must be fully compatible with National and Community Regulatory Law without any deviation, and particularly the GDPR Personal Data Regulation. The Organization must operate within legal limits.
- The Management is committed to supporting the observance and implementation of the Security Policy, as well as to providing the necessary resources for its implementation. The Information Security Manager represents the Management of the Organization on Information Security issues and is a key Advisor to the Management.
- The Information Security Manager must have knowledge of the Organization's information systems and applications, as well as the ability to translate security policies into procedures that apply to those information systems.
- In addition to the obligation to review this Policy at least once a year, it will be reviewed and revised (if necessary) when one of the following events occurs:
  - Changes in regulatory requirements or laws regarding Information Security and personal data protection.
  - Significant changes in the Organization's infrastructure (regarding information systems).
  - Security breaches and, in general, any emergency incident aimed at the theft and/or destruction of information or of the systems that manage it.
- The entire executive staff of the Organization will assist in the effort to implement this Policy and its continuous updating (depending on technological developments and the requirements of the times).
- The risk analysis and the preventive measures that will result from it will be the guidelines on which this policy will operate.
- All the Organization's executive staff will receive ongoing training from IT security specialists so that their knowledge is kept up to date.
- The Organization has established a framework through which specific and measurable information security objectives can be set. These objectives, depending on the Organization's structure and the area they concern, apply to all departments involved in the respective processes. They may be extended and renewed by corresponding decisions of the Organization's Management.
- The Organization applies specific risk assessment criteria. These criteria are recorded in the Organization's risk assessment methodology. A key component of this methodology is the determination of the Organization's assets that are involved in the operation of each project and then the identification of all risks related to these assets.
- Each client of the Organization enjoys a high level of security against both physical and technical risks, as the Organization has installed high-tech control equipment to secure its clients' data.
- The Organization hopes for broader cooperation, as it can guarantee two very basic concepts: Quality and Safety.
- By implementing this Information Security Management System, the Organization pursues the following objectives:
  - Ensuring the security of customer and Organization information.
  - Ensuring business continuity.
  - Ensuring compliance with legislation, with emphasis on meeting all requirements of the General Data Protection Regulation (GDPR).
Quality Policy
"AUTODIA", having the knowledge and experience regarding the Collective Management of Musical Intellectual Property Rights, can and does lead in the sectors in which it operates.
Through the harmonious cooperation of all parties involved (Management, Staff, Partners, Suppliers but especially its customers) it ensures the successful completion of its project.
To achieve the above, the Management of "AUTODIA":
- Has adopted a Quality Management System in accordance with the International Standard ISO 9001:2015, which applies to the entire Organization and to all activities that affect the quality of its services and the satisfaction of its customers.
- Continuously reviews and, where possible, improves the characteristics of its services, the effectiveness of its processes and, by extension, the entire Quality Management System.
- Sets measurable quality objectives at the corporate level, at the level of departments and/or processes, and for individual services. These objectives are established, and their degree of achievement evaluated, within the framework of the Quality Management System Review by the Organization's Management.
- Invests in the continuous training, information and education of its executives so that they deliver quality in every activity.
- Monitors, measures and evaluates critical parameters and processes to ensure quality.
- Is committed to complying with and implementing legal and regulatory requirements.
- Monitors and frequently reviews all risks and opportunities, as well as interactions with stakeholders.
- "AUTODIA" hopes for a broader collaboration as what it can guarantee is QUALITY in every transaction.
From the Organization's Management