The company’s Information Security Management System (ISMS) is in compliance with the requirements of ISO 27001:2022. Through this system, Management is committed to:

• customer satisfaction
• compliance with legal requirements
• implementation and continual improvement of the ISMS
• ongoing identification of risks and opportunities
• management of changes affecting the ISMS

Scope of the ISMS:

“Development of research equipment for drug / formulation imaging. Provision of drug / formulation study services.”

In the context of the above commitment, the company has defined the following measurable quality objectives:

• to maintain the lowest possible number of non-conformities (system-related, service-related, etc.)
• to satisfy the requirements and needs of its customers

The broader and ongoing goals of our policy are:

• to provide personalized advice and secure service to our clients
• to meet customer needs and respond to their expectations
• to respect customers’ dignity and privacy
• to ensure prompt and timely service to clients/partners

To achieve the above objectives, the company implements an ISMS compliant with ISO 27001:2022. The objectives are reviewed periodically to ensure continual improvement of the system.

Management is committed to providing all necessary material resources and human capital to achieve these objectives. All personnel are required to follow the procedures and instructions arising from the implementation of the ISMS.

More specifically, the information security policy is supported by:

• this general policy, which includes the objectives for information protection, Management’s commitment to ISMS implementation, and the main principles and provisions of the security policy
• a series of subsidiary policies defining detailed information security practices in various areas
• supporting procedures and forms, where required, for the implementation of these policies

According to international literature, information security is defined as the safeguarding of the following attributes:

Confidentiality:
Access to information is granted only to those with appropriate authorization.

Integrity:
Information is complete, accurate, and valid.

Availability:
Information is available at all times to authorized users.

In addition to the above primary objectives of information security, the following are considered complementary:

User identification and authentication:
The process of verifying a user’s identity — ensuring that the person attempting access is who they claim to be.

Access control:
Ensuring that users attempting access are authorized to do so.

Audit and monitoring:
Monitoring and logging user actions.

Personal data protection:
Protecting personal and sensitive data from unauthorized collection, storage, or processing.

Non-repudiation:
Ensuring that users cannot deny having performed an action related to accessing or processing information, systems, or applications.

Achieving the above primary and complementary information security objectives leads to the maximum possible protection of information, systems, and applications.

Management fully acknowledges the ISMS objectives, supports their implementation in accordance with this policy, and ensures the continual improvement of the system. Specifically, it is responsible for:

• reviewing and approving the initial version of the policy and any subsequent revisions
• reviewing and approving roles and responsibilities related to ISMS management
• monitoring significant changes in the company’s organization or infrastructure that may require revision of the ISMS
• monitoring security-related incidents
• initiating actions to enhance the security of information resources by adopting additional measures

The company has collaborated with a specialized consultant for the design and implementation of its information security management systems in accordance with ISO 27001 and for advisory projects on information security matters.

For the company,
The Management