Information security policy

Version: 01

Approved by Alexandra Veleva-Marinovska

DOCUMENT MANAGEMENT

VersionDataDescriptionАвтор
0113.03.2024Initial creation, according to SI2-3Plamen Slavov, Ivo Atanasov, 
Genoveva Dzhustrova

The policy is reviewed annually.

ISMS SCOPE – ACTIVITIES

“Design, development, implementation, maintenance and operation of software and software products”.

RANGE OF ISMS – PHYSICAL

Sofia city 1407, Lozenets district, Atanas Dukov str. #29, Bulgaria

SCOPE OF ISMS – INFORMATION SYSTEMS

The scope of the information security management system includes all information assets of the company detailed in the relevant register for:

  • Information;
  • Software;
  • Hardware;
  • Services;
  • Resources;

CONTEXT OF THE COMPANY

5.1. EXTERNAL CONTEXT

The external context has been taken into account in developing the risk management criteria and includes:

  • Political and international developments:
    • Political and economic stability in countries in whose markets the company operates.
    • Political and economic stability in markets of interest to the SINEO™ platform.
  • Strict monitoring and implementation of all changes related to regulatory requirements as well as European laws and directives regarding personal data.
  • Reporting on economic development and competing companies:
    Competitors of Sineo (software platform):
    • Healee – telemedicine platform;
    • Medrec:m;
    • Consento;
    • Shemhahealth with propa – the teleoncology platform for patients and their loved ones /from 2021/
  • Community-management platforms:
    • Higher logic – Thrive;
    • Higher logic – Vanilla;
    • Khoros community;
    • Mighty networks;
    • Discourse;
    • Gainsight;
    • Webex Events;
    • Circle;
    • Bettermode;
    • Beam.gg;
    • Disciple;
    • Amity;
    • Big marker;
    • Influitive;
    • Threado AI;
    • Hivebrite;
    • Uuki;
    • Glue up;
    • Heartbeat;
    • Common Room;
    • ToucanTech;
  • The development of information and communication technologies:
  • Relationships with competitors:
    • Monitoring the development of competitors;
    • Monitor market developments and respond with new or adapted functionality ahead of the competition;
    • Enter into partnerships with potential competitors to prevent business cannibalisation;
    • Retention of personnel who have the potential to work for competing companies;
  • Relationship with clients;
  • Relations with state administrative organizations;
  • Relationships with partners and suppliers;
    • Software Development;
    • Design and development of the platform;
    • Providers of server, network and hardware solutions;
    • Marketing and digital marketing;
    • Administrative, legal and accounting activities.

5.2. INTERNAL CONTEXT

The internal context is defined by:

  • The owner of the company;
  • The company’s business plan, objectives and strategies;
  • Resources;
  • Internal documents and rules;

FUNDAMENTAL PRINCIPLES

“SINEO” Ltd. ensures reliability and security through strict compliance with existing legal and regulatory requirements in Bulgaria, the European Union, India and other countries where the company may operate.

The company strives for high professionalism by providing quality and professional customer service, prompt satisfaction of their needs, honesty and transparency.

We require all our customers, partners, suppliers and contractors to comply with our security policies when working on our networks and with our information assets, for which we have implemented appropriate protection and control mechanisms.

In order to maintain a constant level of security of the information we manage and to increase our customers’ trust in us, we take into account the development of technology, potential threats and strive to implement all possible practices to prevent their realization.

We strive for high professionalism by providing a quality and professionally designed, developed, implemented and maintained SINEO™ platform.

STRATEGIC OBJECTIVES AND IMPROVEMENT OF ISMS

Information security objectives are:

  • managing risks by treating them to an acceptable level;
  • minimising the amount of loss or damage caused by information security breaches;
  • ensuring continuity of core business processes;
  • early incident identification;
  • Identify and comply with legislative, regulatory and accepted business requirements;
  • improving and maintaining the IT infrastructure in line with modern technologies;
  • data protection and information system on the SINEO™ platform.

Copyright © SINEO Ltd. – All rights reserved
This document is the property of CINEO Ltd. No part of this document may be disclosed, reproduced or copied to third parties in any form without the prior written permission of the Company Manager.

Copies for internal use are not subject to this restriction.