1.1 Information Security Policy
PCT’s IT Department provides a wide range of IT services to internal and external customers both in Greece and abroad. In this context, PCT’s IT Department collects and processes information necessary for its customers’ business operations. The protection of information and information processing equipment is of strategic importance for PCT’s IT Department, in order to achieve its short- and long-term objectives while also ensuring the seamless operation of customer activities.
Acknowledging the criticality of its information and IT systems, PCT’s IT Department applies an Information Security Policy that aims to:
- Safeguard information confidentiality, integrity and availability
- Ensure the proper operation of IT systems that support service delivery to its clientele
- Handle incidents that could compromise its business operations in an effective and timely manner
- Fulfill the applicable legal and regulatory requirements
- Continuously improve its Information Security performance.
For this purpose, PCT’s IT Department:
- Defines the required organizational structures for monitoring Information Security-related issues
- Determines technical measures to control and restrict access to information and IT systems
- Specifies the classification scheme based on the information’s significance and value
- Describes the actions required to protect information throughout its lifecycle and especially during its processing, storage and transmission
- Determines training and awareness-raising activities on Information Security issues for its employees and partners
- Specifies how Information Security incidents are handled
- Describes methods for ensuring the secure continuity of its business operations in cases of IT system malfunctions or disasters.
PCT’s IT Department performs Information Security risk assessments at regular intervals and takes appropriate treatment actions. A performance evaluation framework is also in place based on measurable indicators, in order to facilitate the System’s review by Management and ensure the effectiveness, suitability and continuous improvement of Information Security procedures.
The Information Security Officer is responsible for auditing and monitoring the implementation of Information Security policies and procedures as well as taking the initiatives required for the elimination of factors that could compromise information confidentiality, integrity and availability of PCT’s IT Department and/or disrupt its customers’ operations.
All employees and partners with access to information and systems of PCT’s IT Department are responsible for conforming to the rules of the applicable Information Security Policy.
PCT’s IT Department is committed to the unceasing compliance with the legal and regulatory framework as well as the continuous implementation and effectiveness improvement of Information Security policies and procedures.
1.2 IT Service Management Policy
The mission of PCT’s IT Department is the management, development, provision and maintenance of IT services that serve terminal and port operations of internal and external customers.
In line with PCT’s vision and values, the primary objective of PCT’s IT Department is to contribute to the:
- Reliable and consistent service delivery
- Continuous qualitative and quantitative improvement of provided service levels
- Timely and responsible handling of customer requirements.
The principles that govern the IT Service Management Policy of PCT’s IT Department are:
- High quality of IT Service Management, which comprises the following axes:
- Fulfillment of customer specifications, service level targets and contractual obligations
- Reliability and availability of provided services
- Prompt response to customer requests within agreed time objectives
- Continuous improvement of the provided services’ quality and quicker response to customers through standardized procedures
- Systematic assessment and mitigation of operational risks and costs
- Incorporation of the applicable Information Security Policy into IT service delivery and assurance of services’ compliance with legal and regulatory requirements set by supervisory authorities and bodies
- Design, implementation, monitoring, maintenance and continuous improvement of an IT Service Management System according to ISO 20000-1 requirements, which ensures the optimal efficiency and effectiveness of service management and maximum customer satisfaction, through internal audits, regular reviews of provided services and the System, customer satisfaction surveys and periodic external audits by specialized third parties.
To achieve the aforementioned objectives, PCT’s IT Department:
- Seeks the continuous improvement of its know-how and the knowledge dissemination to its personnel
- Selects specialized executives and supports their continuous training
- Invests in reliable and up-to-date equipment
- Designs, adopts and monitors the application of a performance evaluation system based on indicators and target values, to achieve the optimal control and operation of Service Management
- Identifies and addresses risks threatening the smooth service delivery
- Is committed to the continuous implementation and improvement of the IT Service Management System and provided services as well as their adaptation to the customer requirements
- Communicates the present Policy to all the IT personnel and ensures that it is constantly updated in alignment with PCT’s and IT Department’s rules and strategic objectives
- Builds excellent communication and cooperation between the Management and Executives.