Security policy

The top management of X-CODE sp. z o.o., committed to fulfilling business objectives as well as legal and contractual obligations, has decided to implement an Integrated Management System (IMS) in accordance with the requirements of ISO 22301 and ISO 27001 standards. This initiative encompasses all personnel and management of the organization. As an entity responsible for delivering key services such as business process optimization, software design and implementation, consulting, software integration and migration, software testing, and software maintenance—while maintaining required work safety criteria, legal compliance, and security and business continuity principles—the organization is committed to:

• identifying, planning, allocating resources, and implementing preventive actions to reduce the risk of disruption to critical services in all areas covered by this Policy;
• preparing responses to critical incidents, agreeing on the allocation of necessary resources and priorities in such a way as to restore key services and return to normal operations within a planned timeframe;
• preparing and maintaining procedures and ensuring the resources necessary to maintain effective communication in a crisis situation;
• enabling, in the event of a crisis, the maintenance of the highest achievable level of delivery of key services under current conditions, and appropriately regulating information security in contracts with all interested parties;
• preparing and maintaining procedures and ensuring the resources necessary to enable efficient cooperation between the organization and local emergency services, government and local administration, and other organizations participating in emergency response during a crisis;
• maintaining an up-to-date and effective Business Continuity Plan that covers critical processes supporting service delivery / product provision, and adapting the IMS so that procedures, forces, means, and employee competencies support both normal, ongoing operations and operations under emergency and crisis conditions;
• identifying and analyzing risks related to information security, conducting reviews, and taking actions to mitigate them;
• raising employee awareness and sensitivity to information security issues;
• ensuring physical security of company assets and stored data;
• ensuring the security of internet connections and ICT systems;
• including appropriate information security regulations in contracts with all interested parties;
• assigning responsibilities for ensuring information security;
• applying a systematic approach to information security management.

The company’s Management Board declares its full commitment to creating the conditions for the effective functioning and continual improvement of the IMS. Accordingly, it obligates all organization personnel to apply and comply with the principles of the IMS.