1. adequate office space in which to carry out the activities for which permission was granted;
2. technical, that is physical protection of the facilities, equipment and documentation.
Article 97
The Company is required to perform the services within individual organizational units.
If need be, during the weekend, national and religious holidays, on-call duty can be arranged of which clients will be notified
Exceptionally, the Director may prescribe different work hours or trading times of which clients will be notified via the
Employees of the Company shall have appropriate qualifications, knowledge and experience required for good
The information system of the Company shall be adequate, given the scope and complexity of the services provided by the
36
The Company has a duty to ensure an effective control and protection of its information systems, which must
provide security, completeness, and confidentiality of data, and in particular:
1. hardware and software protection from unauthorized access to data with detailed monitoring (procedures for registration,
analysis and control of every activity in the system), access control via authorization to its users;
2. adequate training of employees pertaining to the use of the system and the procedures for its protection.
3. that only authorized persons, on which the Company keeps separate records, have access to the information
system and the ability to input, edit and use data;
4. that every person with access to a workstation must have a user name and password and can only access those functions that
are necessary to carry out his work, given that only one person may have one username and password;
5.that only approved information, in the manner stipulated in the Company acts, may be entered into the information system
of the Company;
6. that only information whose entry has been approved has been entered into the information systems;
7. that the accuracy of entered data is regularly checked
Excerpts from the information system of the Company shall bear the date and time of preparation and verification by the
authorized individual.
Article 101
The Company has a duty to adopt, implement and regularly update measures which will ensure the continuity of the business
information system, and in particular:
1. protection of the system with hardware and software solutions, reliable systems for continuous power supply, reserve of
telecommunications links and devices;
2. reliability of the information system:
- the creation of simultaneous duplicate data on servers and backup servers,
- compiling at least two copies of the data at the end of each work day, one copy to be kept in the offices, and the
second copy in another location.
The Company is obliged to adopt, implement and regularly update measures that will ensure continuity of operations in the
event of extraordinary circumstances, which include the timely establishment of function for access to information and timely
resumption of services if, in the event of extraordinary circumstances, it is not possible to carry out uninterrupted operations.
Do'stlaringiz bilan baham: