INFORMATION SECURITY POLICY
The information security policy aims to demonstrate, clearly and unambiguously, the commitment of Global Standards Consortium DOO, Novi Sad to continuously implement and improve its operations in accordance with the requirements of the international standard ISO/IEC 27001:2013 (ISMS), respecting the principle of preserving the confidentiality, availability and integrity of information and information resources, and thus to provide and guarantee:
- protection of information and other information resources (people, processes, procedures, services, hardware, software, infrastructure, equipment ...), as fundamental values of Global Standards Consortium DOO, Novi Sad, from all internal or external, deliberate or accidental threats (computer fraud, spyware, hacker attacks, viruses, floods, fires, earthquakes, etc.), through the establishment, implementation, application, monitoring, review, maintenance and improvement of the ISMS;
- business continuity;
- minimizing possible business damage by preventing security incidents, i.e. reducing their impact to a minimum;
thereby enhancing our corporate image, profitability and competitive advantage.
The above is provided (implemented) through:
- Leadership stance of the founders of Global Standards Consortium DOO, Novi Sad, regarding the inclusion of all employees, at all levels, in achieving the goals of the company, which generally lead to a higher level of information security;
- Compliance with the strategic business plans and goals of Global Standards Consortium DOO, Novi Sad, with relevant legal, regulatory and contractual requirements, and with the requirements of ISO/IEC 27001:2013;
- Security culture and employee awareness of their roles and responsibilities;
- Respecting the interests of business clients, internal and external users and other involved parties;
- Preventing unauthorized access to information resources of Global Standards Consortium DOO, Novi Sad;
- Maintenance and improvement of the safety systems of employees, clients, information and property;
- Clear organization and division of responsibilities regarding information security;
- Risk management in order to reduce the impact of security threats to Global Standards Consortium DOO, Novi Sad;
- Crisis management;
- Continuous reviews and improvements.
All employees, consultants, external consultants, temporary employees, contractors and subcontractors, and third parties with whom Global Standards Consortium DOO, Novi Sad has any business cooperation should be responsible for their obligations and responsibilities as defined in their job description or contract, and should act in line with this policy.
They are responsible for preserving the confidentiality, availability and integrity of information and other information resources of Global Standards Consortium DOO, Novi Sad at all stages of their life cycle, and for making sure that their actions do not impair the safety of that information and those resources.
Both the founders and employees of Global Standards Consortium DOO, Novi Sad are responsible for implementing the information security policy in their business processes.
Failure to comply with the Information Security Policy entails disciplinary action.
The founders of Global Standards Consortium DOO, Novi Sad ensure that this policy is communicated to and understood by all parties involved, that it is implemented and maintained at all levels of the company, and that it is reviewed at least once a year in order to respond to any changes in the risk assessment or risk management plan.
This policy has been approved by the Director of Global Standards Consortium DOO, Novi Sad and provides a framework for further setting the company's relevant goals and the basic principles for establishing an effective information security management system (ISMS).
Novi Sad, May 11, 2018.
CEO Saša Dobo