Information Security Policy

I. Scope

This policy is intended for AS CREDITINFO EESTI (hereafter the “Company” or “We”) including Company employees, contractors and external partners who we cooperate with.

II. Objectives

We have created an overall approach to information security. The main security objectives of the Company are:
• protect our and our client’s data by preventing unauthorized access, modification, and destruction
• continuously identify, evaluate, and manage risks
• perform regular internal tests and audits
• prevent and detect security incidents and applying appropriate measures
• preserve our and our client’s reputation
• enforce legal responsibilities to comply with applicable legislation, regulations, and contractual requirements
• ensure we are strong and reliable partner for our clients

III. Commitment

Given the information and data we operate with, security is a fundamental part of our everyday life.

We are fully aware of the importance of maintaining the availability, confidentiality and integrity of information related to Company, our employees, clients, and other partners. Therefore, we are hereby committed to secure all assets at our disposal, to identify and evaluate risks and we declare our commitment to clients, employees, and external partners. We undertake to ensure the resources necessary to fulfill our commitment.

IV. People

We are aware that people are the cornerstone of our operations therefore we continuously promote our staff awareness in the area of security. All employees and external partners are aware of individual responsibilities and follow the procedures so that the process of ensuring the security is maintained at the required level.

We enforce all our major partners doing business with Creditinfo, or acting on our behalf, to adhere to equally high standards.

V. Contacts

All employees are expected to raise concerns about any security issue to their Information Security Officer or via incident management process. Any major incidents are reported to the Chief Security Officer of Creditinfo Group Security Board.

Information Security Officer