Information Security Management System (ISMS) Policy

Recognizing the crucial role of information in our business operations and being aware of the importance of information security in our processes, while addressing the requirements and expectations of our clients as well as the obligations imposed by applicable legal regulations, we have implemented and maintain an Information Security Management System in accordance with the ISO/IEC 27001 standard. This system covers the following scope:

• all information and data of clients, suppliers, and other interested parties,
• information provided by third parties necessary for the provision of services by Nomtek or the fulfillment of concluded agreements,
• information, including the internal documentation of the Organization,
• all processes carried out within the business operations.

Through this ISMS Policy, the Management Board declares that the implemented Information Security Management System will undergo continuous monitoring and improvement in accordance with applicable requirements.

The Management Board of Nomtek sp. z o.o. specifically commits to:

• compliance with applicable legal regulations and internal policies related to information security, especially regarding information provided by clients within the services rendered,
• continuity and efficiency of business processes,
• ensuring the confidentiality, integrity, and availability of processed information and data,
• continuous efforts to minimize the risk of data loss, equipment theft, and system breaches,
• minimizing the negative impact of security incidents,
• maintaining the Organization’s good reputation by ensuring the security of all information in its possession.

This ISMS Policy has been introduced and communicated to all personnel of the Organization. The document is available to all interested parties.