The Policy sets out roles and responsibilities related to ensuring an appropriate level of digital security and personal data protection. The Director of Digital Transformation and IT at FFiL Śnieżka SA is accountable for digital security management and direct supervision of the implementation and functioning of the Policy. The Director of Digital Transformation and IT (after appointing the position of Product Manager IT Security) is responsible for the implementation and application of the Policy in the area of IT technology. The Technical and Investment Director is responsible for the implementation and application of the Policy in the area of OT technology, and the Data Protection Inspector is responsible for the implementation and supervision of the application of the requirements of the Policy in the field of personal data protection.
Cybersecurity
The Śnieżka Group is aware that the growing digitization of work methods, tools and systems must be associated with a comprehensive approach to managing the digital security of organizations, in particular those systems that are responsible for collecting personal data. All activities related to IT security in the Group are carried out based on the Digital Security Policy.
- ensuring compliance of activities with applicable legal requirements,
- ensuring confidentiality, integrity and availability of processed information,
- raising employees’ security awareness and engaging them in information protection,
- reducing cybersecurity risk, including the risk of violating the rights and freedoms of natural persons,
- regularly testing, measuring and evaluating the effectiveness of established technical and organizational measures,
- ensuring readiness to maintain the continuity of services rendered.
- developing and implementing the Digital Security Strategy,
- designing and implementing an effective digital security risk management model,
- designing and implementing an effective model for managing mobile devices and remote work,
- designing and implementing an appropriate access control management model,
- designing and implementing an appropriate security management model in relations with suppliers.
The Digital Security Policy applies to the entire Śnieżka Group. The Digital Transformation and IT Department is responsible for overseeing its implementation.
The Group’s activities related to cybersecurity are connected with building a culture of digital security. Employees participate in periodic training related to developing appropriate habits in this area. The Group’s experts have also prepared four issues of “Cybersecurity News”, a newsletter with current information and interesting examples in the area of cybersecurity.
Security management maturity reviews are also conducted regularly in the Śnieżka Group; they include analysis, monitoring and development of policies, procedures and other documents regulating the area of digital security. The Group liaises with a Security Operation Centre service provider. In 2023, the SIEM system monitored the IT systems of the Śnieżka Group. 89 security incidents and 212 vulnerabilities (weak points of a given system) were reported and resolved.
Personal data protection
FFiL Śnieżka SA has a Digital Security Policy in place, the purpose of which is to protect the Company’s information and data. The Personal Data Protection Policy as well as procedures and regulations regarding the protection of personal data have also been adopted.
All new employees are required to complete training in the field of personal data protection. Additionally, FFiL Śnieżka SA and Śnieżka ToC conduct dedicated training for selected groups of employees involved in personal data processing.
In 2023, FFiL Śnieżka SA established cooperation with an external advisor who serves as the data protection officer in all Polish companies of the Śnieżka Group and advises on the management of the personal data protection area.