The Management Board of the Company is aware of the importance of information processed by the Company and it creates the conditions for ensuring their security, also by means of safeguarding financial means and qualified staff for their protection.

The Management Board of the Company shall comply with legal and contract requirements related to information security, especially in the scope of provisions on personal data protection and the protection of classified information.

The management of Information Safety is performed especially by means of the regulations included in internal normative acts and management system documentation, covering all areas of Company activity, thus forming the Information Safety Management System.

Each employee is responsible for the safety of information at his assigned position, including the security of specific intellectual resources in the Company. The managers of organizational units on all management levels are responsible for ensuring information security.

Information security is ensured by means of the following continuous activities:
- the monitoring of protection conditions (technical and organizational devices, formal and legal regulations) and related risks;
- employee training (provision of current knowledge);
- making the employees aware of the importance of their involvement in the implementation of information security policy;
- informing employees of the consequences resulting from the lack of due care of information security or the infringement of information security;
- reporting incidents related to information security.

Company employees are under the obligation to comply with detailed principles of conduct, documented in internal normative acts and documents of the quality management system concerning information security.

The Management Board of the Company shall continuously improve the implemented Management System.