IT SECURITY

Security principles in the area of information technology at HOCHTIEF CZ are based on the following documents and legislation:

• Law on Personal Data Protection No. 101/2000 Coll., as amended
• ČSN ISO/IEC 17799 Information Technology – Code of practice for information security management
• ČSN ISO/IEC TR 13335 Information Technology – Guidelines for IT security management
• The HOCHTIEF standards for work in the field of information technology

The aim of the individual measures implemented within the security strategy of HOCHTIEF CZ is primarily:

• Ensuring of proper and safe operation of the system
• Minimizing the risk of system failure
• Ensuring integrity of the system and information
• Ensuring maximum system availability
• Preventing damage to the assets and disruption of the company´s  activities
• Preventing loss, modification and misuse of information
• Protection of confidential and secret information
• Protection of the trade secret

The main safety principles used by HOCHTIEF CZ and used to achieve the above mentioned objectives are:

• Ensuring physical safety of the individual parts of the system
• Ensuring protection of the system against critical conditions
• Ensuring emergency measures including contractual security of correction of the critical elements of the system
• Backups and data archiving
• Clear identification of each user of the system by an account and password
• Internet access for WAN users only through one place protected by Firewall
• Use of regularly updated anti-virus software on all servers and computers
• Antivirus control of electronic mail
• Management of user access to data using access permissions
• Two-level security of critical data and electronic mail – encryption