IT SecurityINTERPIPE INFORMATION SECURITY
Interpipe is responsible for the data protection and security of the company, its employees, customers and partners. For this purpose, each enterprise of the company has adopted a policy for the protection of personal data and information security. The document ensures the protection of personal and confidential information of personnel and partners or their representatives. The company undertakes not to disclose information without the prior consent of the person concerned, to protect information from loss or disclosure, and to store the data no longer than necessary and destroy it accordingly.
Data protection and information security measures
To ensure the confidentiality of any information held by Interpipe, the company conducts internal (monthly) and external audits to assess the risks of data leakage with a total duration of 45 days a year. On average, as a result of the audit, about 30 problems and / or weaknesses are identified, which are eliminated in full. Corrective measures for detected faults include replacing or updating the antivirus system, eliminating hardware and software vulnerabilities.
The process of collecting permits for the processing of personal data in Interpipe is completely open and transparent. Each Interpie employee must sign a consent to the processing of personal data when applying for a job. All clients and partners of the company also give their consent while signing contracts. In addition, all partners providing information services to the company conclude a non-disclosure agreement (NDA) with Interpipe.
Interpipe has a password policy that applies to all enterprises of the company, as well as a procedure for backing up and restoring data. Every Interpipe employee gets acquainted with the password policy and information security memo during hiring. To ensure a high level of protection, the company uses access to confidential information through certificates with a limited validity period.
A separate area of minimizing the risks of Interpipe data leakage is the implementation of approved anti-phishing measures, namely the Interpipe Cybersecurity project, which is aimed at preventing users from receiving phishing emails. Additionally, the Company has an automatic anti-phishing system that analyzes incoming mail of all employees. In addition, the company raises employee awareness of phishing emails and methods of detecting them by regularly mailing memorials to corporate mail.
In order to effectively assess the risks of data leakage, protect information and timely detect and respond to data leakage cases, Interpipe constantly communicates with customers, IT solution providers and other partners.
Data protection and information security training
Interpipe employees receive training on how to work safely with Office 365 products, as well as training on information security policies and procedures. As of the end of 2020:
- all managers and external partners of INTERPIPE are familiar with the policies and procedures for the protection of information,
- 40% of senior and mid-level executives and 25% of other employees in the company have received information security training in Microsoft Teams,
- 5 business partners were involved in training on data protection and information security,
- 15 employees of Information Security and Information Technology services attended additional specialized seminars in the direction of Information Security.
Violation notification procedure
For prompt notification of information leakage and filing data protection complaints, the company operates a specialized Alert Line of the Economic Security Service for information leakage and the Information Security Service. Employees of the company and external contractors contact the hotline and specialized mail firstname.lastname@example.org every year, in particular, in 2019, 5 calls were received, and in 2020 - 9 calls. In particular, there were no substantiated complaints about violation of confidentiality and loss of customer data in the reporting period. Interpipe considers, processes and responds accordingly to each request.
The company regularly informs employees and external contractors about the procedure for notifying the relevant services of the company about the facts of information leakage. Interpipe places contacts and mail of hotlines at stands, corporate newspapers, regularly sends reminders by corporate mail and publishes messages in corporate chat bots Viber and Telegram. Messages provided to any of the hotlines are processed promptly and in full.