The purpose of this policy is to establish an information security management system in accordance with the requirements of the international standard ISO/IEC 27001 and to provide guidelines for the protection of information and assets of the organization ISS doo. Sarajevo, and its information system, from various threats, as well as to ensure business continuity.

In this way, it reduces potential damage, enhances the image, increases revenue, and recovers invested resources.

This policy applies to all employees within the company. It also applies to contractors, consultants, temporary employees, subcontractors, or any third parties with whom the company has any business collaboration.
This policy extends to all assets, tangible and intangible, that are owned or leased by ISS doo. Sarajevo.

The owner of this policy responsible for managing it, ensuring proper utilization by employees, and keeping it up to date is the ISMS Manager.

Information, regardless of its form (written, verbal, printed, or electronic), is a primary business asset that holds its value. Therefore, it is essential to adequately protect it. Information, together with other assets and components (people, processes, procedures, services, hardware, software, infrastructure, equipment, etc.), constitutes the information system of ISS doo. Sarajevo.

In order to protect the information system and all information assets from various threats (computer fraud, espionage, hacking attacks, viruses, floods, fires, earthquakes, etc.) and to ensure business continuity, minimize damage, recover investments, and improve the company's image, the Director of ISS doo. Sarajevo has approved this policy, which sets objectives and basic principles for establishing an effective Information Security Management System (ISMS).

In Sarajevo, 30th September 2020.