The nature of the business of Miskovic & Miskovic Law Firm Ltd. requires the exchange of information both internally and with external clients, partners, and other business stakeholders. To maintain the continuity of our operations, it is essential to take measures aimed at protecting information resources from all threats, internal and external, intentional or accidental, to the confidentiality, integrity, and availability of information.
With this in mind, the managing partners of Miskovic & Miskovic Law Firm Ltd. formulate the principles of the information security policy:
- Maintain the integrity of information to ensure its continuous accuracy and applicability,
- Ensure the confidentiality of information and protect it from unauthorized access and misuse,
- Build relationships and maintain communication with stakeholders by understanding the organizational context and the needs and expectations of interested parties,
- Make information and information systems available to stakeholders in accordance with business needs,
- Regularly conduct identification, analysis, and assessment of information security risks at planned intervals,
- Base decisions and actions on the results of regular information security risk assessments,
- Ensure employee awareness and capability for information security through education and training,
- Ensure compliance with legal, regulatory, and contractual requirements, as well as other information security obligations we have committed to meeting through the implementation of security measures,
- Ensure appropriate control and continuous improvement through measurable objectives and monitoring of the system's effectiveness and implemented information security measures,
- Monitor and analyze security incidents and take appropriate actions to eliminate threat causes and mitigate risks,
- Monitor and analyze security vulnerabilities and threats and take appropriate actions to address root causes and reduce risks,
- Develop, maintain, and test recovery plans to prevent security incidents and ensure business continuity in case of an incident.
To fulfill these commitments and ensure an appropriate level of control necessary to demonstrate compliance with adopted processes, our policy is to maintain a functional and effective information security management system that is established, maintained, and improved in accordance with the requirements of the international standard ISO/IEC 27001:2022.
The managing partner is responsible for communicating the Information Security Policy to all individuals working for or on behalf of Miskovic & Miskovic Law Firm Ltd. and for making it publicly available.
Zagreb, January 07, 2025