Information Security Policy
The protection of information and its processing systems is of strategic importance to the company, enabling it to achieve both its short-term and long-term goals, while also safeguarding the privacy of the patients and attendants on the receiving end of its services.
The Mesogeios Dialysis Center Group acknowledges the crucial role of information and information systems in its business operations, and implements this Information Security Policy in order to:
- ensure the confidentiality, integrity, and availability of the information it handles;
- secure the proper operation of its information systems;
- promptly deal with any incidents that could jeopardize the business operations of the company;
- satisfy any legislative and regulatory requirements;
- continuously improve the level of Information Security.
For this reason:
- The organizational structures necessary to monitor issues relevant to Information Security are defined.
- The technical measures required to control and restrict access to information and information systems are also defined.
- The method implemented to classify information according to its importance and value is determined.
- The necessary actions to protect information during its processing, storage, and distribution stages are described.
- The methods followed to inform and train the employees and partners of the company in matters of Information Security are determined.
- The ways to deal with any Information Security incidents are specified.
- The measures to protect the safe continuation of the company’s business operations in cases of information system dysfunctions or in case of a disaster are described.
Mesogeios carries out regular assessments of the risks associated with Information Security and takes the necessary steps to address them. It also implements an evaluation framework measuring the effectiveness of Information Security procedures. Through said framework, performance indicators are defined, their measurement methodology is described, and periodic reports are made which are then reviewed by Management in order to continue improving the system.
The Information Security Officer is responsible for monitoring and supervising the policies and procedures related to Information Security, as well as for taking initiative to eliminate all the factors that may jeopardize the availability, integrity, and confidentiality of the company’s information.
All Mesogeios employees and partners with access to the company’s information and information systems are tasked with the responsibility to comply with the regulations of the Information Security Policy that is currently in force.