PURPOSE
The purpose of this policy is to establish a comprehensive framework to protect all forms of information assets at Aluminij — including digital data, physical records, and informational processes — from unauthorized access, disclosure, modification, or destruction. This ensures the confidentiality, integrity, and availability of information vital to the company’s operations and reputation.
SCOPE
This policy applies to all employees, contractors, and business partners who handle, access, or manage Aluminij’s information assets, regardless of the format or location of the information.
All information, whether stored electronically, kept on paper, or communicated verbally, must be protected in accordance with its sensitivity and legal requirements. Employees are responsible for handling information securely and preventing unauthorized access or disclosure.
Access to information and information systems is granted based on the principle of least privilege, aligned with job responsibilities and business needs. Access rights are reviewed regularly, and any necessary adjustments are promptly applied. User credentials must be protected and managed securely.
Passwords and other authentication mechanisms must meet security standards appropriate to the sensitivity of the information accessed. Users must keep their credentials confidential and avoid sharing accounts or passwords.
Measures are in place to protect physical information assets, including secure storage of paper documents and controlled access to areas where sensitive information is processed or stored.
Employees must comply with all applicable laws and internal policies related to data protection, including the secure handling, transmission, and disposal of information.
All personnel must adhere to this policy and related procedures. Signing confidentiality or data protection declarations may be required to formalize commitment to safeguarding company information.
Any actual or suspected security incidents or breaches involving information assets must be reported immediately to the designated information security officer or department to enable prompt investigation and remediation.
RISK ASSESSMENT AND MANAGEMENT
Aluminij conducts regular information security risk assessments to identify, evaluate, and manage potential threats to its information assets. These assessments cover all critical systems, processes, and data, considering both internal and external risks.
The results of the risk assessments guide the implementation of appropriate security controls and mitigation measures. Risk assessments are documented, reviewed periodically, and updated when significant changes occur in technology, business processes, or regulatory requirements.
All employees and contractors are required to support risk management efforts by promptly reporting any identified vulnerabilities, incidents, or suspicious activities that could impact information security.
TRAINING AND AWARENESS
Regular information security training and awareness programs are provided to ensure all employees understand their responsibilities and current security best practices.
POLICY REVIEW
This policy is reviewed at least every two years or sooner if required due to changes in technology, regulation, or organizational requirements.