Data security is key to the operations of BISZ Központi Hitelinformációs Zártkörűen Működő Részvénytársaság (BISZ Central Credit Information PLC), because the credit information systems operated by the Company contain data that qualify as either personal data or business and banking secrets. Such data are supplied by the financial organisations subscribing for the systems (Reference Data Providers) in accordance with the provisions of system rules. Reference Data Providers registering data in the databases of the systems have exclusive permission, and at the same time are required, to maintain and update the data which they have registered. This exclusivity also applies to the retrieval of information from the databases, which is a right of subscribing Reference Data Providers.
The Company seeks to assess the threats affecting information security (confidentiality, integrity, availability), to analyse and continuously review risks following a well-defined methodology, as well as to take appropriate measures to avoid their occurrence. For that reason, the Company has set the objective of protecting the data and information stored in its databases, as well as the data and IT equipment of the organisation, against both external and internal incidents, whether intentional or accidental.
The efficiency of the security system largely depends on internal and external staff. Consequently, to minimise risks and to ensure the stable operations of the organisation, BISZ Zrt. has been making efforts to achieve, maintain and improve the loyalty of its employees to the organisation, as well as awareness of and commitment to data protection.
Following their entry, new employees are given data security training in order to become aware of the importance of data security and their personal responsibilities.
In pursuit of enhanced security and prevention, BISZ Zrt. has set the following requirements for all of its employees:
- protection of confidential information against unauthorised disclosure;
- maintenance of the accuracy and integrity of information; and
- ensuring that data and key services are always available in a timely manner and with the required functionality.
We have an information security system in place conforming to the ISO/IEC 27001:2005 standard, which we continuously improve in order to increase the level of our security. The Company expects all of it suppliers to accept and fully comply with its requirements for data security.
BISZ Zrt.’s management undertakes to fulfil the objectives specified in its data security policy, and expects all of its employees to perform work in accordance with its data security rules.
Budapest, 14 October 2009
Dr. Róbert Nagy
Chairman and CEO