Information Security Policy
The purpose of information security management is to secure and protect information and property from all threats, whether internal or external, accidental or intentional, through the establishment, implementation, execution, monitoring, review, maintenance and enhancement of the Information Security Management System (ISMS).
The information security policy aims to demonstrate clearly and unambiguously the goal of Bulbitech AS to implement and continuously improve its operations in accordance with the requirements of the international standard ISO/IEC 27001:2022 - Information security, cybersecurity and privacy protection — Information security management systems — Requirements.
Bulbitech AS respects the principle of preserving the confidentiality, availability and integrity of information and information resources, and in that way provides and guarantees:
Protection of information and other information resources from all internal or external, intentional or accidental threats, through establishment, implementation, application, monitoring, review, maintenance and improvement of the ISMS;
Information will be protected from unauthorized access, and the confidentiality of information will be maintained;
Information will not be disclosed to unauthorized persons by accidental or deliberate activities;
The integrity of the information will be preserved through protection against unauthorized alteration;
The ability of authorized persons to access and change information when necessary;
Compliance with all controls and legal requirements will be ensured;
Business continuity through business continuity plans that will be maintained and tested in continuous practical work;
Training is carried out through all organizational parts of Bulbitech AS, and any breaches of the safe handling of information will be considered and investigated;
Minimizing possible business damage by preventing security risks, i.e. reducing their impact to a minimum;
Improving its corporate image, profitability and competitive advantage.
The above is provided through:
Leadership of Bulbitech AS ensuring the inclusion of all employees, at all levels, in achieving the information security goals of the company, which generally leads to a high level of information security;
Compliance with relevant legal, regulatory and contractual requirements, as well as with the requirements of the standard ISO/IEC 27001:2022;
Information security, cybersecurity and privacy protection training that ensures a safety culture and employees' awareness of their roles and responsibilities;
Compliance with strategic business plans and goals of Bulbitech AS;
Respecting the interests of business clients, internal and external users and other interested parties;
Preventing unauthorized access to information resources of Bulbitech AS;
Maintenance and improvement of the ISMS for the safety of employees, clients, information and property;
A clear organization and division of responsibilities in terms of information security;
Risk management in order to reduce the impact of security threats on Bulbitech AS;
Continuous audits, reviews and improvements of the ISMS.
All Bulbitech AS employees are responsible for the implementation of the information security policy.
External consultants, temporary employees, contractors, subcontractors and third parties with which Bulbitech AS has any business cooperation should be aware of their obligations and responsibilities, as defined in their job description or contract, and act in accordance with this policy.
We, Bulbitech AS, are responsible for implementing the information security policy in our business processes as well as for its application by employees.
We, Bulbitech AS, ensure that this policy is communicated to and understood by all interested parties, implemented and maintained at all levels in Bulbitech AS, and reviewed at the management review meeting to respond to any changes in the risk assessment.
This policy provides a framework for further setting up the company's relevant information security objectives and basic principles for establishing an effective information security management system (ISMS).