IMS Policy
IST – International Software Techniques S.A. is an Independent Software Vendor (ISV), being actively engaged in the following software-related business activities and operations:
Commercial activities, analysis, design, implementation, customization, deployment, training, and technical support of integrated IT solutions (proprietary and third party).
The software solutions and services we provide to our clients, as well as our technical and support services, are in accordance with:
-
our clients’ requirements and our contractual obligations,
-
our partners’ requirements,
-
our stakeholders’ expectations,
-
our shareholders’ objectives and goals,
-
legal / regulatory requirements,
-
quality objectives and goals that we set,
-
objectives and goals of the environmental policy that we have adopted,
-
principals of confidentiality, integrity, and security of the information that we handle,
-
principals of business resilience and business continuity,
-
our commitment to fulfilling external and internal IT services requirements and process performance.
In order to be consistent with the above:
-
We have adopted a Quality Management System (QMS) and are currently certified against the ISO 9001:2015 standard. Our QMS applies to all the relevant activities, procedures, and operations of the company.
-
We have adopted an Environmental Management System (EMS) and are currently certified against the ISO 14001:2015 standard. Our EMS applies to all the relevant activities, procedures, and operations of the company.
-
We have adopted a Business Continuity Management System (BCMS) and are currently certified against the ISO 22301:2019 standard. Our BCMS applies to all the relevant activities, procedures, and operations of the company.
-
We have adopted the principles of an Information Security Management System (ISMS) and have introduced the framework of the ISO 27001:2013 standard to all the relevant activities, procedures, and operations of the company.
-
We have adopted the principles of an IT Service Management System (ITSMS) and have introduced the framework of the ISO 20000:2011 standard to all the relevant activities, procedures, and operations of the company.
-
We review, update, and constantly improve upon the characteristics of the solutions and services that we offer to our clients.
-
We provide the resources needed for the effective and efficient operation of every company department.
-
We have established a Research & Development department to which we allocate significant resources, in order to introduce innovative solutions to the market.
-
We invest in the frequent and on-going training of all our employees, through participation in seminars, forums, crash-courses, subscriptions to specialty journals, as well as memberships in special interest groups and associations.
-
We communicate to our employees the importance of Quality, Environmental, Information Security, Business Continuity, and IT Service Management principles in every company activity.
-
We review, update and constantly improve upon the Standard Operating Procedures and overall effectiveness of all the Management Systems that we have adopted.
-
We define, monitor, analyze and evaluate all the critical aspects of each and every Standard Operating Procedure so as to achieve the Quality, Environmental, Information Security, Business Continuity and IT Service Management goals that we set.
-
We set measurable objectives for Quality, the Environment, Information Security, Business Continuity, and IT Service Management, which are monitored and evaluated frequently by our Management Review.
The company’s Management strongly believes that by setting and meeting Quality, Environmental, Information Security, Business Continuity, and IT Service Management goals (as well as, by adhering to the principles of the Standard Operating Procedures that have been defined, frequently reviewed, and updated) a company-wide Continual Improvement Process can be achieved.
Therefore, the Management of IST is committed to complying with the defined Integrated Management System (IMS) Policy, while at the same time will channel Quality, Environmental, Information Security, Business Continuity and IT Service Management feedback, improvements, results, and goals to its employees.
Our commitment to Environmental Management principles (EMS):
-
Continuous and comprehensive evaluation of the environmental impact that the company’s activities may have, in order to reduce our overall environmental footprint, by engaging in proactive environmental initiatives.
-
Continuous improvement of our environmental management system and our environmental performance through monitoring and review of all relevant resources consumption and waste production, as well as through the definition of objectives and goals.
-
Compliance with all national and EU environmental laws and regulations, as well as with other regulatory provisions and compliance obligations which we have acknowledged in writing.
-
Preemptive steps to ensure the avoidance of emergency or hazardous situations.
-
Environmental awareness and motivation of employees.
Our commitment to Information Security Management principles (ISMS):
-
Effective protection of the information entrusted to us by our clients and partners.
-
Constant and sophisticated protection of information and privacy resources against every type of threat (internal or external, intentional, or random).
-
Continuous and comprehensive identification, planning, monitoring, and analysis of risks; Risk Assessment and Risk Management procedures.
-
Adoption of Information Security principles for all line-of-business activities.
-
Adoption of secure data archiving, backup, full audit trail, access control, logging, disaster recovery principles and guidelines.
-
Swift and effective management of all Information Security incidents and breaches.
-
Compliance with all national and EU information security laws and regulations, as well as other regulatory provisions.
-
Employee awareness and motivation; briefings of employees and management regarding information security issues.
Our commitment to Business Continuity Management principles (BCMS):
-
Deliver the key services – as derived via Business Impact Analysis or special technology strategies – within an acceptable timeframe following an incident.
-
Satisfy any legal, requirements and compliance obligations related to the continuity of its operations, solutions, and services.
-
Assure that key interested parties’ concerns are met, and they are appropriately informed during any disruptive incident.
-
Appoint personnel with appropriate seniority and authority to be accountable, irrespective of other responsibilities, for implementation, monitoring, and maintenance of the BCMS.
-
Ensure that Business Continuity and recovery arrangements for key services along with their associate supporting critical activities and resources are developed and incorporated in the BCM Program.
-
Ensure that appropriate risk management techniques and controls are used to reduce the likelihood and impact of any incident - of key services and solutions - to an acceptable level.
-
Ensure that the Business Continuity requirements and plans are regularly reviewed to reflect the current needs of the organization.
-
Ensure that appropriate personnel are aware of the BCM arrangements and are trained and exercised, regularly.
-
Prove that the trainings and arrangements are effective via regular exercising and testing.
-
Make sure that key suppliers can support the organization in meeting these objectives.
Our commitment to IT Service Management principles (ITSMS):
-
Coordinate the integration and implementation of IT Service Management processes to provide ongoing control, greater efficiency, and opportunities for continual improvement of all existing and new services.
-
Services are delivered to a defined quality, sufficient to satisfy requirements identified from business processes.
-
A clear service portfolio is developed and maintained as a basis for all service delivery and service management activities.
-
For all services, a corporate level SLA and / or specific SLAs, which have been agreed with relevant stakeholders, are in place.
-
All roles and responsibilities for managing services (including roles as part of IT Service Management processes) are clearly defined.
-
Feedback from business stakeholders is used to continually improve services and service quality. All proposals for improvements are recorded and evaluated.
-
IT Service Management is improved based on continual monitoring of process performance and effectiveness.
-
Through trainings and awareness measures, it is ensured that employees involved in IT Service Management activities can perform their duties and tasks effectively, according to their assigned roles.
Thanos Prinjos
Chief Executive Officer
Thursday, 16 June 2022