Contact and Newsletter
Contact Us Arrow-small
Sign up to our newsletter

Information Security PolicySidebar menu expander

Information Security Policy

Zalaris Information Security Policy outlines Zalaris’ overall policies for the protection of information from a wide range of threats, to ensure business continuity, minimise business risks and maximise return on investments and business opportunities. The document covers Zalaris’ set of controls, including policies, processes, procedures, organisational structures & software and hardware functions to have a secure information system.

The security policy provides Zalaris Management with direction and support for information security, in accordance with business requirements and relevant laws and regulations.

The overall objectives are to protect:

  • the financial assets Zalaris is managing
  • Zalaris’ ability to handle prioritised tasks and services to our clients
  • the integrity and confidentiality of Zalaris’ information
  • from illegal actions, accidents, and unintended incidents
  • internal Zalaris processes (HR, Legal requirements, etc)

The following information security key principles for Zalaris are:

  • All information security-related work shall be an integral part of Zalaris’ ordinary operation and shall support Zalaris to achieve objectives for quality and effectiveness.
  • Compliance with legislative, regulatory, statutory, and contractual requirements across all organisational units and countries Zalaris is present in at any time.
  • Information security risks and mitigation actions & controls will be identified by performing structured risk analysis work.
  • All employees shall have the necessary knowledge and awareness, including being trained to act according to the information security policy in their daily work.
  • Access control will be established in all information systems and physical premises to avoid unauthorised usage.
  • If unwanted security breaches happen, all information security-related actions shall limit the damage and ensure normal operation as soon as possible
  • Change control will be executed according to defined procedures. Major changes to information resources will be tested and approved by authorised personnel. All major changes will be traceable.
  • Proper management of security incidents, including management of business continuity, is critical to Zalaris due to the nature of Zalaris’ core business – HR and Payroll outsourcing.

Information is a very important asset to Zalaris. Information security covers actions and controls to protect assets, information and ability to solve tasks, by securing:

  • Confidentiality: no personnel will have access to information unless it is job-related tasks.
  • Integrity: information and systems shall be correct and trustworthy.
  • Availability: information and systems shall be available to authorised users when needed: need to know principle.

 

EY Certify Point ISO-IEC-27001-2013 Information Security Management Certification Quality Management Certification

Information Security PolicySidebar menu expander