The security policy provides Zalaris Management with direction and support for information security, in accordance with business requirements and relevant laws and regulations.
The overall objectives are to protect:
- the financial assets Zalaris is managing
- Zalaris’ ability to handle prioritised tasks and services to our clients
- the integrity and confidentiality of Zalaris’ information
- from illegal actions, accidents, and unintended incidents
- internal Zalaris processes (HR, legal requirements, etc.)
The key information security principles for Zalaris are the following:
- All information security-related work shall be an integral part of Zalaris’ ordinary operation and shall support Zalaris to achieve objectives for quality and effectiveness.
- Compliance with legislative, regulatory, statutory, and contractual requirements across all organisational units and countries Zalaris is present in at any time.
- Information security risks and mitigation actions & controls will be identified by performing structured risk analysis work.
- All employees shall have the necessary knowledge and awareness, including being trained to act according to the information security policy in their daily work.
- Access control will be established in all information systems and physical premises to avoid unauthorised usage.
- If unwanted security breaches happen, all information security-related actions shall limit the damage and ensure normal operation as soon as possible.
- Change control will be executed according to defined procedures. Major changes to information resources will be tested and approved by authorised personnel. All major changes will be traceable.
- Proper management of security incidents, including management of business continuity, is critical to Zalaris due to the nature of Zalaris’ core business – HR and Payroll outsourcing.
Information is a very important asset to Zalaris. Information security covers actions and controls to protect assets, information, and the ability to solve tasks, by securing:
- Confidentiality: no personnel will have access to information unless it is required for job-related tasks.
- Integrity: information and systems shall be correct and trustworthy.
- Availability: information and systems shall be available to authorised users when needed: need-to-know principle.