BREMA spol. s r.o.
Information Security Policy of the Company
Information Security Policy
BREMA, spol. s r.o. is fully aware of the importance of information protection in the modern digital world. Therefore, we are committed to building an information security management system in compliance with recognized standards and the requirements of European and Czech legislation.
Mission
Our mission is to create a secure digital environment for our clients, employees, and partners through innovative and effective security solutions.
Vision
We aim to be an organization where information security is an integral part of all processes, and where our information and data are protected from all potential threats. This will allow us to maintain the trust of our customers, partners, and employees, strengthen our competitiveness in the market, and ensure the seamless operation of all business processes. Our information security will be dynamic, proactive, and always one step ahead of ever-evolving cyber threats.
Core Principles
Our company considers information security a key priority in all our activities. We are committed to protecting the confidentiality, integrity, and availability of all information we manage in compliance with the requirements of ISO 27001 and the NIS2 directive as reflected in Czech legislation.
Scope of Protection
This policy encompasses the comprehensive protection of all client data and internal company information. It includes the protection of employee personal data, intellectual property, and technical infrastructure, including all systems. The policy applies to all processes covered by ISO 27001 certification and all regulated services we provide, as defined by the NIS2 directive.
Information Security Management System (ISMS)
The company is committed to building and maintaining an information security management system according to ISO 27001. Within the ISMS, we define the scope and policy in line with corporate objectives, systematically manage information assets and associated risks, implement and maintain adequate security measures, regularly review their effectiveness, and continually improve the entire information security management system.
Company Commitments
Our company is committed to systematically identifying and evaluating security risks and implementing effective security measures. We provide regular employee training on information security and comply with all ISO 27001 requirements and the NIS2 directive. We conduct regular ISMS reviews, report security incidents in compliance with legislation, and continuously improve our security practices.
Standards and Compliance
In terms of standards and regulatory compliance, our company adheres to the ISO 27001 standard, including all its updates and applicable controls, and undergoes regular audits and certifications. We comply with the requirements of the NIS2 directive for network and information system security as well as the Cybersecurity Act and its implementing regulations.
Responsibility
The company’s management assumes full responsibility for creating and updating security policies and ensuring the necessary resources for information security. This includes regularly reviewing the effectiveness of security measures and maintaining ISO 27001 certification. Management is also responsible for meeting NIS2 requirements and appointing a Cybersecurity Manager (CSM) who oversees the implementation of security measures.
Implementation and Incident Reporting
Our security commitments are implemented through regular updates to security policies, audits, and employee training. We implement the ISMS according to ISO 27001 and actively collaborate with expert partners in the field of information security. In compliance with the NIS2 directive, we ensure timely reporting of all significant security incidents to the relevant authorities, strictly adhere to established reporting deadlines, and maintain detailed documentation of all incidents.
Final Provisions
This policy represents a binding document for all employees, suppliers, and partners of the company. Compliance with the policy is subject to regular review as part of ISO 27001 audits and NIS2 compliance checks. The company’s management is committed to regularly re-evaluating and updating this policy in line with evolving security threats and information protection requirements.