Information security policy

Information Security Management System

Papanikolopoulou & Partners Law (hereinafter ppl) implements an Information Security Management System compliant with the ISO 27001 standard, committed to preserving confidentiality, integrity, availability and accountability.


ppl has developed this Information Security Management System with the objective to:

  • identify the needs in terms of information security;
  • manage information security risks so that they remain within an acceptable risk level; and
  • ensure adherence to the applicable legal framework.


ppl is committed to applying and promoting information security measures in all aspects of its activities and allocates all necessary resources for their effective implementation.

General Principles

The following principles serve as fundamental information security guidelines in any information-related activity of ppl:

  • Comprehensive security: information security is understood as an integral process made up of technical, human, material and organisational elements, avoiding, except in cases of urgency or necessity, isolated actions or short-term fixes.
  • Risk management: risk management allows ppl to maintain a controlled environment, minimizing risks to acceptable levels.
  • Proportionality: protection, detection and recovery measures are established in proportion to the potential risks and to the criticality and value of the information and ppl services affected.
  • Need to know principle / Least privilege: Access to information, as well as the means for its processing, is based on the need to carry out an activity linked to the processes and business objectives of ppl. Information systems users will receive only the level of permissions necessary to carry out their professional duties.
  • Obligation to know: all ppl members must know, understand and implement information security measures. Vendors and visitors are informed whenever needed.
  • Continuous improvement: Security measures are regularly re-evaluated and updated to bring their effectiveness and efficiency into line with the constantly evolving risks and protection systems.
  • Default security and minimal functionality: All systems used are designed and configured in such a way as to ensure a sufficient degree of security by default with the minimum necessary functionality.
  • Compliance with applicable legal framework: Any initiative in the field of information security strictly complies with applicable legal regulations in addition to complying with the internal policies and procedures of ppl.

Information Security Measures

ppl's Information Security Management System consists of policies and specific procedures covering:

  • effective organisational structure for monitoring information security;
  • technical measures for controlling and restricting access to information systems as well as ensuring confidentiality, integrity and availability of information;
  • information classification based on importance, criticality and value of each piece of information;
  • training on information security risks for ppl members;
  • immediate action in case of an information security incident;
  • ppl business continuity in case of an information systems failure or physical disaster;
  • periodic information security risk assessment and implementation of remedial actions.


The responsibility for managing information security and measuring the respective quality procedures is assigned to the Chief Information Security Officer (CISO), who is incorporated into the ppl structure as an external partner with direct access to top management. The CISO is responsible for controlling and monitoring the Information Security Management System, as well as for undertaking the necessary initiatives to eliminate any related risk factor.


The Managing Partner and all ppl members are committed to protecting information security in alignment with top quality requirements and best practices.