Information Security Policy

The responsibility of SLS is to:

• Ensure the compliance with legislation, regulations and further applicable
  standards will be met;
• Comply with the requirements of confidentiality, integrity and availability
  satisfactory for SLS business goals, in particular with the needs of its
  members;
• Implement controls to protect SLS information assets from theft, intrusion,
  abuse or other forms of illicit treatment;
• Promote a culture of awareness and commitment to information security
  amongst the Management Board, line managers and employees, motivating
  them to become aware and take responsibility for their intervention in ISMS,
  so as to minimize the risk of security incidents;
• Ensure the availability and reliability of the equipment’s, infrastructures and
  systems that support SLS activity;
• Ensure that SLS has the ability to continue its activity in case any serious
  security incident occurs, under the conditions laid down in the specific
  applicable rules and procedures;
• Ensure the protection of personal data, particularly as provided by the
  applicable legislation;
• Follow industry best practices, namely those based on applicable regulations;
• Ensure that external suppliers/parties fit SLS security needs and
  requirements;
• Reduce the damage caused by information security incidents at SLS, as well
  as ensure that they are reported and investigated under the terms defined
  for that purpose;
• Ensure  the  continuous  improvement  of  ISMS,  in  order  to  guarantee  its 
  suitability  and effectiveness;
• Ensure that information is protected against unauthorized access;
• Ensure that information security goals are in line with company business
  objectives, strategy and business plans.

The SLS Management Board sets responsibilities for continuous review,
measurement and improvement of these general Information Security Management
System (ISMS) objectives.