Information Security Policy
This policy aims to protect StatDec’s information from internal and external threats, ensuring the confidentiality, integrity, and availability of information, both for its clients and its own operations.
The policy applies to all employees, partners, and external suppliers of StatDec who have access to the company’s information systems, data, and infrastructure, including data analysis and credit scoring models.
StatDec is committed to the following principles of information security:
- Confidentiality: We ensure that our clients' information and business data are accessible only to authorized individuals.
- Integrity: We ensure the accuracy and completeness of information and prevent any unauthorized changes.
- Availability: We ensure that information and systems are available when needed by their users.
StatDec follows a continuous risk management process that includes the regular identification and assessment of threats in the field of information security, particularly in areas related to data analysis and the development of models for the banking and insurance sectors.
All StatDec employees are responsible for:
- Following information security procedures.
- Immediately reporting any security incidents or suspicious activity.
- Participating in regular training sessions on information security.
This policy fully complies with ISO 27001:2022, as well as all relevant regulations and legislation, such as the General Data Protection Regulation (GDPR) and other data security-related regulations.
The information security policy will be reviewed annually or when there are significant changes in StatDec’s business data and operations, aiming for the continuous improvement of the Information Security Management System (ISMS).
The company ensures that all employees are adequately trained in security procedures through regular training and updates on information security threats.
This policy has been approved by StatDec’s management and will be communicated to all employees and partners for immediate compliance and implementation.