Information Security Policy

Management Statement

STRV s.r.o. and STRV Inc. ("STRV") is a software design and engineering company. We deliver applications and other digital solutions for a wide range of customers, while also working on our own projects.

The stage we find ourselves in as a business brings many benefits, but it also comes with profound challenges in the area of information security. This declaration is a cornerstone of STRV’s ongoing commitment to enhance and clarify security principles, procedures and measures. We declare the objectives and principles in this Information Security Policy as the foundation of STRV’s approach, which has management’s full support.

Information Security Objectives

STRV aims to sufficiently secure the confidentiality, integrity and availability of our customers’ and our own data and information falling within our scope. By taking the appropriate measures, we are able to ensure the required level of information security in alignment with ISO/IEC 27001:2022 standards. We also operate, control, maintain and are continuously improving the documented Information Security Management System (“ISMS”) in terms of risks and requirements imposed on STRV by internal and external stakeholders.

Information Security Principles

We are committed to:

  1. Observe and comply with the internal and legislative regulations in the area of information security,
  2. Consistently use and continually improve procedures, proven technologies and other safeguards to ensure information security,
  3. Provide sufficient human, financial and time resources to achieve information security objectives,
  4. Always plan and implement security measures with a primary focus on minimizing cyber threats, vulnerabilities and risks concerning efficiency, cost-effectiveness and compliance with the specified level of acceptability of information risks,
  5. Develop and continually improve STRV’s information security by continuously monitoring and evaluating current threats and their possible impact on confidentiality, integrity and availability of assets managed by STRV, and by assessing the implemented security measures in terms of efficiency and sufficiency,
  6. Define and control the roles and responsibilities within ISMS,
  7. Raise the information security awareness of all employees and contractors at the very beginning and during the work contract about their role in ISMS,
  8. Manage supply chain containing risk assessment, defining clear rights and obligations at the very beginning and during the contract,
  9. Proactively deal with any violation of this policy by employees, contractors or suppliers,
  10. Regularly monitor, evaluate and assess the stage of our Information Security.

January 1, 2020

In Prague,
Lubo Smid, CEO