Information Security Policy

SEABERRY TECHNOLOGIES DOO BEOGRAD (hereinafter referred to as SEABERRY TECHNOLOGIES DOO) declares and undertakes to implement appropriate measures to protect information assets from the risk of harm, loss and damage arising from the implementation of information security threats.

The information security policy is the fundamental document that defines the position, goals, objectives and principles of SEABERRY TECHNOLOGIES DOO in the field of information security.

SEABERRY TECHNOLOGIES DOO views information security risks as the likelihood of negative events occurring that could harm the company or its employees.

In relation to the field of information security, SEABERRY TECHNOLOGIES DOO minimizes or eliminates such risks as:
- Leakage of confidential information.
- Attacks on information systems.- Actions of unreliable employees.
- Use of incomplete or distorted information.
- Access to potentially dangerous objects on the Internet.
- Loss or inaccessibility of important data.- Malicious software.
- Dissemination in the external environment of information that threatens the reputation of SEABERRY TECHNOLOGIES DOO.

The policy was developed in accordance with the Law on Data Protection of the Republic of Serbia, as well as the International Standard ISO/IEC 27001 "Information technology - Security techniques - Information security management systems - Requirements."
‍
Compliance with the principles, rules and requirements of the Information Security Policy is an element of SEABERRY TECHNOLOGIES DOO’s corporate culture.

SEABERRY TECHNOLOGIES DOO defines the following principles for ensuring information security:
Systematic principle. Information assets are considered as interdependent components of a single system.
The principle of completeness. To ensure information security, a wide range of measures, methods and means of protection are used, the integrated use of which ensures the neutralization of current threats.
The principle of echeloning. The information security system is built so that the most protected security zone is located inside other protected zones.
The principle of equal strength. The effectiveness of protective mechanisms should not be undermined by a weak link resulting from underestimation of threats or the use of inadequate protective measures.
The principle of continuity. Ensuring information security is a continuous, purposeful process that involves taking protective measures at all stages of the life cycle of information assets.
The principle of reasonable sufficiency. The choice of means of protection adequate to current threats is carried out on the basis of risk analysis.
The principle of legality. SEABERRY TECHNOLOGIES DOO strictly complies with legislation in the field of information technology, the requirements of regulatory legal and technical documents in the field of information security.
Controllability principle. The processes of ensuring and improving information security must be manageable; it is necessary to monitor, measure parameters and timely adjust processes.
The principle of personal responsibility. Responsibility for ensuring information security rests with each SEABERRY TECHNOLOGIES DOO employee within the limits of his authority.
Responsibility for violation of policy. SEABERRY TECHNOLOGIES DOO employees are required to comply with information security requirements and rules when working with information and information assets of both the SEABERRY TECHNOLOGIES DOO company and its partners and contractors.

Managing and ensuring information security at SEABERRY TECHNOLOGIES DOO is focused on achieving the following goals:
- Providing a secure information environment for the operation and development of business.
- Increasing competitiveness, business reputation and business value by minimizing risks in the field of information security.
- Compliance with legal requirements in the field of information security and personal data protection, as well as compliance with relevant contractual obligations.
- Improving the corporate culture of processing and protecting information, including personal data.
- Effective management of information security processes and continuous improvement of the information security management system.

To achieve the goals, SEABERRY TECHNOLOGIES DOO has adopted the following tasks in the field of information security:
- Design, implementation and continuous improvement of the information security management system.
- Involvement of SEABERRY TECHNOLOGIES DOO senior management in the process of functioning of the information security management system.
- Regular consideration of information security issues by working groups.
- Effective use of resources allocated to ensure information security.
- Assessment of cost effectiveness.
- Ensuring the security of SEABERRY TECHNOLOGIES DOO information assets.
- Compliance with legislation, requirements of regulatory authorities in the field of information security and personal data protection.
- Improving technical, organizational and legal protection measures.
- Formation, accumulation and development of competencies in the field of information security and personal data protection.
- Conducting an information security risk assessment and measures to improve the level of security of information assets.
- Management of information security incidents and improvement of mechanisms for responding to them.
- Raising the awareness of SEABERRY TECHNOLOGIES DOO employees and regularly completing mandatory information security training.
- Formalization of information security requirements in local regulations.
- Taking into account information security requirements in project activities.
- Checking the reliability of applicants, employees, contractors and other business partners.
- Monitoring the information security management system and conducting periodic audits.

This policy is a global regulatory document of continuing effect.
‍
This policy is approved, amended and repealed by the General Director of SEABERRY TECHNOLOGIES DOO. Review of the policy is carried out on a regular basis, at least once a year or as necessary.
‍
Information security is the state of security of SEABERRY TECHNOLOGIES DOO corporate data, which ensures their confidentiality, integrity, authenticity and availability.
‍
The security of SEABERRY TECHNOLOGIES DOO's information assets is characterized by the neutralization of current threats to information security by technical, organizational and legal measures.
‍
For the purposes of this policy, information assets include information, business reputation, material assets and business processes.

SEABERRY TECHNOLOGIES DOO management is aware of the importance and need to improve measures and means of ensuring information security in the context of the development of legislation in the field of information security, as well as the increasing complexity of the information technologies used.
‍
SEABERRY TECHNOLOGIES DOO management initiates and controls work in the field of information security.
‍
SEABERRY TECHNOLOGIES DOO's information technology and information security managers and specialists must perform their duties responsibly, recognizing that the quality of their work directly affects the security of SEABERRY TECHNOLOGIES DOO's information assets.
‍
Each SEABERRY TECHNOLOGIES DOO employee bears disciplinary, civil, administrative and criminal liability for failure to comply with information security requirements in accordance with applicable law.

SEABERRY TECHNOLOGIES DOO strives to implement modern software, technical, organizational and legal tools and methods for ensuring information security.
‍
For the safe use of corporate resources, based on world standards in the field of information security, SEABERRY TECHNOLOGIES DOO develops and implements internal regulatory documents in the field of Quality, Personnel, Compliance, Security and Legal Affairs.
‍
Confidentiality and non-disclosure agreements concluded with employees and contractors are an integral part of the SEABERRY TECHNOLOGIES DOO information security management system.
‍
To work on the Internet, communicate on social networks and instant messengers, use email, other electronic means, platforms, development and communication environments, SEABERRY TECHNOLOGIES DOO implements organizational, methodological, software and technical information security and protection measures.

SEABERRY TECHNOLOGIES DOO employees must be guided by this policy in their professional activities, internal corporate interactions, personal development and improving the information security culture.
‍
High corporate standards and information security rules of SEABERRY TECHNOLOGIES DOO are mandatory for all SEABERRY TECHNOLOGIES DOO employees without exception and must be taken into account in relationships with partners and contractors.
‍
Representatives of partners and contractors using SEABERRY TECHNOLOGIES DOO's information assets, as well as the information provided to them, are liable in accordance with contractual provisions, as well as applicable law.