Our main priority is to ensure the continuity of Mazars’ business activities while minimizing any damage. Our effort is to minimize damage by avoiding any security incidents and to declare to all our customers, business partners, employees and the general public the company’s ability to effectively protect information and assets, both our own and those entrusted to us in accordance with binding legal standards and the requirements of the countries in which Mazars does business.
The following have been introduced and are maintained in the company as an integral part of the management: The Information Security Management System (ISMS) pursuant to Czech standard ČSN ISO/IEC 27001 and a system of measures ensuring the company is prepared to implement assignments with the requirement of classified information according to the legal standards in the countries in which the company operates. ISMS and the system for the preparedness to implement assignments with classified information help Mazars assert and implement the Information and Asset Security Policy.
We declare that:
- All the requirements of the relevant legal regulations that are placed on Mazars in the area of security and assets are fulfilled;
- The information is available anywhere and at any time for the needs of providing quality services;
- The information is always accurate and true. The information from media devices is always the same as it was at the moment it was recorded on the medium. The complete management of the information life cycle is confirmed, i.e., its processing from the moment it is obtained or created until it is liquidated or handed over;
- The information is only made available to those who need it for the purpose of providing quality services. The “need-to-know” principle is applied. The leak of information in the event of employees leaving the company is also minimised;
- Employees are continuously educated and trained in the area of the security of information;
- The company considers a breach of the information security rules to be a gross breach of internal regulations and work responsibilities and is penalised in accordance with the Labour Code;
- The measures are directly proportionate to the actual risk level;
- We will be increasing the effectiveness of the information and asset security management system through regular monitoring, risk evaluations and the management of security events and incidents through remedial and preventative measures.
The Information and Asset Security Policy is binding for all employees of Mazars in the Czech Republic.
The management of Mazars continually verifies the effectiveness of its activities when fulfilling this policy through regular evaluations. It always strives for the maximum fulfilment of this policy with its plans.