Information Security Policy

……………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………

……..WEASIC acknowledges that information, along with the procedures, systems, and services that manage this information, are vital assets to the organization. WEASIC further recognizes the importance of secure management of company information to protect the interests of employees, partners, clients, and all other stakeholders associated with the company. The organization is committed to implementing robust information security practices to ensure the confidentiality, integrity, and availability of information, in alignment with ISO 27001 standards.

……..The Information Security Policy is applied to all information, systems, and services within WEASIC. The primary objective of information security is to ensure the confidentiality, integrity, and availability of information. This includes restricting access to information to authorized individuals only, protecting the accuracy and validity of information throughout its lifecycle, and ensuring that information is accessible when needed. These principles are upheld in accordance with ISO 27001 standards to maintain a secure information environment.

  •  WEASIC personnel are accountable for information security. All users of WEASIC information and information systems are required to adhere to the company’s information security policies and procedures.
  • WEASIC provides mandatory training and awareness sessions on information security for all personnel, ensuring they are equipped with the necessary knowledge to protect company information.
  • WEASIC is fully committed to complying with all applicable legal and regulatory requirements related to information security and the protection of personal data. • Supplier selection and project management are conducted by WEASIC in accordance with information security principles, ensuring that third-party services align with the company’s security standards.
  • Access to WEASIC information and systems is strictly limited to authorized users. Access control is enforced through appropriate security measures and access management procedures to maintain the confidentiality, integrity, and availability of information.
  • All WEASIC information assets are classified in accordance with the company’s Information Classification Policy and are managed based on their respective classifications to ensure appropriate handling and protection.
  • WEASIC has implemented physical security measures at its premises to safeguard against unauthorized access and protect critical information and assets.
  • The company has established procedures to manage and respond to information security incidents effectively and in a timely manner, ensuring minimal disruption to business operations.
  • WEASIC maintains Business Continuity Plans to ensure the resilience of critical processes in the event of failures or disasters impacting operations or infrastructure. These plans are regularly tested to confirm their effectiveness.
  • WEASIC conducts regular audits to assess the adequacy of information security controls and ensure their consistent implementation across the organization, WEASIC is committed to the continual improvement of its Information Security Management System (ISMS) and the security measures it implements, ensuring that they remain effective, relevant, and aligned with evolving threats, business needs, and regulatory requirements.

 

For and on Behalf of WEASIC Microelectronics S.A.

Chief Executive Officer

Emmanouil Metaxakis

09/7/2024