Security Policy

KELER Group’s public security policy

Management’s commitment

KELER’s management is committed to develop the current level of cybersecurity (including information security) and to implement the set objectives and the strategy. In view of this, the management provides the necessary resources and supports the employees in the implementation thereof. It continuously assesses the specified objectives and takes the necessary measures in order to improve the operation and increase the level of security.

Security objectives

The management of KELER and KELER CCP is firmly committed to continuously maintain the security of KELER Group as a state and provides the resources, tools and other conditions (material and human resources, regulatory environment, decisions, etc.) required therefor, also taking into consideration, when planning conscious changes, the conditions necessary for complying with related security aspects.

KELER Group establishes security in accordance with applicable legislation. It considers, evaluates and assesses every recommendation, standard, best practice, information and experience that can contribute to the improvement of the security situation of KELER Group.

The establishment of security at KELER Group is centred on prevention.

When developing its security systems KELER Group chooses procedures, tools and measures which enable the earliest possible detection of processes that represent a risk, loss, or damage or pose a threat thereof, in a manner proportionate to the risks.

In connection with any undesirable, but potentially occurring security incident KELER Group wishes to make possible the clear identification of those responsible, efficient damage mitigation, and the restoration of the normal and secure operating state within the critical recovery times defined by the management of KELER and KELER CCP.

KELER Group applies protection, business continuity, disaster management and disaster recovery procedures proportionate to the risks, which guarantee the service and security level regarded as at least sufficient by its clients even if its particular organisations or systems (e.g. IT system) or individual elements of those suffer major damage, resulting in permanent malfunction or loss of service.

KELER Group plans its business continuity, disaster management and disaster recovery activities. To this end, it develops updated BCP-DRP action plans for every business process – and for providing the resources that support those – which is considered to be of high or medium priority in terms of KELER Group during the business impact analysis phase of this planning process.

KELER Group investigates, analyses and assesses every security incident, information or process it becomes aware of – regardless of whether it sustained material or other damage as its result –, which

  • directly or indirectly threatens its secure operation,
  • unnecessarily increases its security risks,
  • violated legislation or internal regulation, irrespective of whether the infringement was intentional or caused by negligence.

In harmony with its security and business interests KELER Group shall involve the authorities and/or take legal steps in connection with every security incident caused through an infringement.