INFORMATION SECURITY MANAGEMENT SYSTEM

•Identify risk acceptance criteria and risks, develop and implement controls.

• To ensure the application of the information security risk assessment process to identify risks related to the loss of confidentiality, integrity and accessibility of information within the scope of the information security management system;

• Identify a framework for assessing the confidentiality, integrity, and accessibility impact of information within the scope of the information security management system.

• To constantly monitor the technological expectations in the context of the scope of service

• To provide information security requirements arising from the national or sectoral regulations it is subject to, fulfilling the legal and relevant legislative requirements, meeting the obligations arising from the agreements, and corporate responsibilities towards internal and external stakeholders.

• Reducing the impact of information security threats to service continuity and contributing to continuity

• Have the competence to quickly intervene in the information security events and minimize the impact of the incident

• Maintaining and improving the level of information security over time with a cost-effective control infrastructure.

• To improve the corporate reputation, to protect against the negative effects of information security.

Procedures and policies supporting this policy have been established to ensure the security of the information.

FADAMKO ALUMINUM METAL LTD. Sti. TOP MANAGEMENT is committed to the realization, review and continuous improvement of the applications related to Information Security.