- Managing information assets, identifying security values, needs and risks of assets, developing and implementing controls for security risks.
- Define the framework within which information assets, values, security needs, vulnerabilities, threats to assets, and methods for determining the frequency of threats.
- Define a framework for assessing the impact of threats to privacy, integrity, and accessibility on assets.
- To set out the working principles for the processing of risks.
- Continuously monitoring risks by reviewing technological expectations in the context of the scope covered.
- To provide information security requirements arising from national or international regulations, legal and related legislation requirements, contractual obligations, and Company responsibilities to internal and external stakeholders.
- To reduce the impact of information security threats on service continuity and to contribute to continuity.
- To have the competence to rapidly intervene and minimize the impact of information security events that may occur.
- Maintain and improve a cost-effective control infrastructure and level of information security over time.
- To improve the reputation of the company, to protect against the negative effects of information security.