Security policy

The purpose of this policy is to affirm our commitment to creating a secure environment where innovation thrives. We safeguard our people, assets, and data from evolving threats, ensuring resilience and trust in everything we do, guided by global security standards like ISO 27001.

Version: 1.0.11
Effective date: 2024-10-24
Last revised: 2025-05-16

Author: IMS coordinator
Approved by: CEO
Classification: Public

 

Scope

This policy applies to all Glesys operations, employees, contractors, vendors, and customers. It covers physical security, fire safety, information security, and cyber security across all facilities and services.

 

Security vision

Our vision is to lead in creating a proactive, adaptive security culture where every Glesys employee, partner, and customer contributes to protecting our assets. We ensure resilience in a constantly changing threat landscape by embedding security into all aspects of our operations.

 

Key security pillars

Security is foundational to everything we do. Our approach to security is built on three key pillars that ensure comprehensive protection across physical, digital, and operational domains. These pillars form a resilient, layered defense that adapts to emerging threats and provides peace of mind for our employees, customers, and partners. Each pillar is critical to our security strategy, contributing to an integrated framework that safeguards our assets and ensures business continuity.

 

1 Physical and environmental security

 

Glesys ensures the protection of its physical infrastructure through comprehensive security measures. This includes preventing unauthorized access to facilities and protecting against environmental risks such as fire, floods, and other hazards.

  • Access control: Advanced access control systems, surveillance, and physical barriers safeguard sensitive areas such as our data centers.
  • Environmental protections: Climate control systems, flood sensors, and emergency response protocols are in place to safeguard infrastructure from environmental risks.
  • ire security: State-of-the-art fire detection and suppression systems are implemented in all critical facilities, supplemented by regular fire drills.

 

2 Information security

 

Information security at Glesys focuses on protecting our data’s confidentiality, integrity, and availability. We follow ISO 27001 standards to ensure our data protection practices meet global best practices.

  • Data protection: Encryption, secure access controls, and lifecycle management practices protect all forms of data.
  • Compliance: We comply with international regulations, including GDPR, to ensure the highest data protection standards.
  • Incident management: We have a robust incident response plan that promptly identifies, contains, and resolves data breaches.
  • Threat intelligence: Real-time monitoring and advanced threat intelligence systems enable us to detect and mitigate cyber risks early.
  • Proactive defense: We use firewalls, intrusion detection, and zero-trust architectures to secure our networks.
  • Cyber resilience: We have a detailed incident response framework to contain and resolve security breaches with minimal disruption.

 

3 Security culture and governance

 

Security at Glesys is a shared responsibility, and all employees, vendors, and partners are aligned with our security vision. Strong governance ensures accountability and continuous improvement.

  • Employee training and awareness: Regular training programs empower employees to identify and mitigate potential security threats.
  • Governance and accountability: Security practices are regularly audited, with clear reporting lines and risk management frameworks ensuring adherence to best practices.
  • Third-party risk management: We assess and monitor third-party vendors to ensure they comply with our high-security standards.

 

Strategic security objectives

Our strategic security objectives aim to build long-term resilience and protect critical assets. These objectives will drive the continuous evolution of our security capabilities, preparing the organization for future security challenges while maintaining trust and compliance.

  1. Zero security incidents across core systems: Our goal is to eliminate security incidents in all critical systems through a proactive defense strategy.
  2. Build a security-first culture: We will establish a security-first culture, ensuring 100% of employees participate in security awareness training and adhere to best practices.
  3. Enhance cyber resilience: Develop and deploy strategies, including threat detection, to ensure our digital infrastructure is robust and prepared for future cyber threats.
  4. Maintain leadership in compliance: We commit to maintaining ISO 27001 certification while continuously adapting to emerging security frameworks to ensure ongoing compliance with global standards and regulations.
  5. Future-proof security infrastructure: Invest in scalable, future-proof security systems that can accommodate evolving technologies and growing operational demands over the next decade.

 

Roles and responsibilities

Role Responsibilities
Executive management Oversees the development and enforcement of security policies and strategies
Department heads Ensure department-level compliance with physical and information security
Quality manager Implements security measures and ensures adherence to security procedures
Team members Follow security protocols and report incidents or vulnerabilities

 

Commitment to continuous improvement

Security at Glesys is constantly evolving. Regular audits, risk assessments, and investments in new technologies ensure we remain leaders in security innovation and resilience.

The CEO is responsible for the annual review of this policy to ensure its relevance and effectiveness.