Action Line, responding to the demands of modern business reality and aiming to protect its information systems, always striving for the seamless and exemplary service of its clients, has decided to design and implement an Information Security Management System in accordance with the requirements of the International Standard ISO 27001:2013.

The Company’s Information Security Management System covers the services of selection, assessment, and provision of human resources and was designed according to the needs and goals of the Company, as well as the Legal and Regulatory Requirements of current Greek and European Legislation.

The main objectives, as expressed within the processes of the company’s Information Security Management System, are:

• Creating a basis for the continuous improvement of the effectiveness of its processes, with the constant satisfaction of the needs and expectations of its clients to the maximum extent possible.
• Minimizing the number of incidents that may affect the continuity of operational processes, as well as minimizing their impact.
• Handling information that is stored and transmitted in any way through its electronic and non-electronic systems and constitutes elements of paramount importance for its operation and position in the market, in a way that protects their security in terms of confidentiality, integrity, and availability.
• Compliance with the laws and regulatory provisions to which the company is subject.
• Continuous improvement of the system.

The Management’s goal regarding the protection of personal data is its compliance with the following principles:

• Processing personal data fairly and lawfully.
• Keeping personal data for clearly defined purposes.
• Limiting personal data to what is strictly necessary for achieving these purposes.
• Protecting personal data through adequate security measures.
• Keeping personal data for a specified period of time (depending on the purposes).

The company’s system is reviewed at regular intervals by Management in order to adapt to the new needs and developments of the market, legislative requirements, as well as to achieve the goal of securing the company’s information. Annual objectives for Information Security are also reviewed and readjusted if necessary.

Management is committed to providing the infrastructure and equipment deemed necessary for the implementation and availability of its work. Each employee is responsible for complying with, assimilating, and implementing the procedures required by the Information Security Management System through their daily activities. For this reason, all employees, according to their responsibilities, are informed about the System and act demonstrably in accordance with the established rules of security and confidentiality.

The Information Security Policy is communicated, understood, and applicable by the entire human resources, with the ultimate goal of the continuous, steady development of its business activity, with unwavering commitment to its principles and the continuous provision of high-quality products and services to its clients. It is reviewed at regular intervals with the aim of continuous harmonization with market conditions, technological developments, and current legislation.

Processes, flows, and actions that do not ensure the achievement of the set objectives are immediately interrupted by the responsible parties, root cause analyses are conducted, and the required improvement measures are defined.

Management

Despina Voudouri

Athens, 01/05/2020

(Version: 1)