Atea Information Security Management System Overview

This document is a guide detailing Atea's Information Security Management System (ISMS) and associated policies. It outlines the organization's commitment to maintaining robust information and IT security practices, which are designed to protect both internal assets and customer information. The ISMS is based on ISO 27001 standards and incorporates GDPR-specific controls. The document describes the roles and responsibilities within Atea's security organization, including the appointment of a Group Chief Information Security Officer and local Information Security Officers. It also covers various aspects of security risk management, emphasizing adherence to ISO 31000 for risk management and regular risk analyses. Additionally, the guide discusses the handling of personal information, ITIL processes, threat surveillance, employee education, access management, physical office security, data facility security, and business continuity management. Governance and reporting structures are also presented, highlighting the oversight by the Group Security department and the strategic decision-making processes related to security.