Classification: Public
Date: 01/09/2024
Aretaeio Private Hospital Information Security Policy
The protection of information and its processing systems is of strategic importance to the Company to achieve its short-term and long-term goals and at the same time to ensure the confidentiality of the data of customers who receive its services.
Recognizing the criticality of information and information systems in the performance of its operational functions, Aretaeio Private Hospital implements an Information Security Policy with the goal to:
For this purpose:
The Company carries out assessments of the risks related to Information Security at regular intervals and takes the necessary measures to address them. It implements a framework for evaluating the effectiveness of Information Security procedures through which they are determined performance indicators, their measurement methodology is described, and periodic reports are produced which are reviewed by the Management in order to continuously improve the system.
The Information Security Officer is responsible for controlling and monitoring the policies and procedures related to Information Security and taking the necessary initiatives to eliminate all those factors that can jeopardize the availability, integrity, and confidentiality of information the company.
All employees of the Company and its partners with access to information and information systems of the Company, have the responsibility of observing the rules of the applied Information Security Policy.
Aretaeio Private Hospital committed to the continuous monitoring and observance of the regulatory and legislative framework and to the continuous implementation and improvement of the effectiveness of the Information Security Management System.