Information Security Management according to ISO 27001
The Information Security Management System is an essential tool used in the management of the unloading, storage and regasification of LNG and the transmission of natural gas on the territory of the Republic of Poland, including the entry and exit points to and from the country, as well as in the provision of services through the GSA auction platform, i.e. its management, maintenance and development, in accordance with the Information Security Policy in place at Gas Transmission System Operator Gaz-System S.A., adopted by Resolution of the Company Management Board No. 198/Z/2023 of 13.10.2023.
The Company's objectives related to information security management:
- ensure the security of information belonging to the Company as well as information received from third parties cooperating with the Company,
- clearly define the tasks, powers and responsibilities of employees and managers in the field of information security, and thus significantly increase employee awareness of information protection,
- ensure that access to information is provided only to those who have been authorised to use it (confidentiality),
- ensure that the information has neither changed since the last authorised modification nor been removed in an uncontrolled manner (integrity),
- ensure that an authorised person can use the information upon reasoned request and at an agreed time (availability),
- protect the Company’s information against unauthorised access, uncontrolled disclosure, duplication, unauthorised modification, destruction, loss, misuse or theft, by applying appropriate physical, technical, organisational, personnel and legal safeguards,
- identify legal regulations on information security, and implement these regulations in the Company’s operations,
- provide information processing resources as appropriate for the nature of the information, and provide personnel to supervise the proper and uninterrupted processing of information in ICT systems,
- apply safeguards that are intended to ensure information security, are proportionate and adequate to the risks, and ensure that staff can perform their duties properly.