ISMS Policy


Maintaining business reputation and ensuring competitiveness by protecting the information assets of the Inc group of companies (including Findo LLC) (hereinafter referred to as the Organization) and of its customers and partners, including commercial, official and other types of secrets, as well as personal data of the Organization's employees.


Creating and maintaining conditions under which information security (hereinafter referred to as IS) risks are constantly monitored and kept at an acceptable level, confidential information is protected, and the business processes of the Organization function continuously.

The management and all employees consider ensuring a high level of information security for the Organization's assets to be one of their most important goals.


The scope of the information security management system is established by order of the CEO of Inc. The central and governing document establishing the general requirements for the system-forming processes of the ISMS is the “Information Security Management System” manual.


To implement IS maintenance processes effectively, the Organization implements an information security management system (hereinafter - ISMS) that meets the requirements of the international standard ISO/IEC 27001:2013 “Information technology - Security techniques - Information security management systems - Requirements” (hereinafter - ISO/IEC 27001:2013). These goals are achieved through the following activities:

  • inventory of assets and regular assessment of IS risks;
  • the application of sensible, cost-effective organizational and technical measures to ensure information security;
  • identification of applicable requirements of the current legislation and regulators in the field of information security, achievement of compliance with these requirements;
  • establishing the responsibility of employees on IS issues, training and raising their awareness regarding IS;
  • regular assessment of the ISMS compliance with applicable internal and external requirements through internal audits of the ISMS, monitoring the effectiveness of the ISMS processes, analysis of the ISMS by the management of the Organization;
  • implementation of corrective actions in case of deviations of the ISMS from, or inconsistencies with, internal and external requirements;
  • confirmation of the compliance of the ISMS of the Organization with the requirements of the international standard ISO/IEC 27001:2013.


In the field of IS, the Organization follows these principles:

  • Legality. When providing IS, the requirements of applicable law, as well as the current regulatory requirements of state regulatory bodies, including international ones, are fulfilled.
  • Adequacy to existing threats and economic feasibility. The organizational and technical protection measures applied are selected according to the needs of the business, based on the results of the analysis and assessment of IS risks, in particular the analysis of current threats and the costs of implementing and maintaining risk management measures. The effectiveness of the protection measures and mechanisms is assessed periodically.
  • Minimizing the limiting effect on business processes. The organizational and technical measures used by the ISMS minimally affect the functioning and characteristics of the Organization's business processes.
  • Perspective and focus on existing Russian and international open standards. The ISMS organizational and technical measures are implemented taking into account global trends in the field of information security. Orientation to open standards makes it possible to use the accumulated world experience in the field of information security, and also ensures transparency of information security processes and ease of interaction on information security tasks.
  • Business continuity. Resilience, reliability, availability and correct functioning of the ISMS organizational and technical measures are provided.
  • Continuous improvement. To successfully counter IS threats in an ever-changing external and internal environment, a continuous cycle of development and improvement of the ISMS is implemented.
  • Personal responsibility. Each employee of the Organization is personally responsible for the performance of the functions and requirements assigned to them within the framework of the ISMS.
  • Control. Compliance by the Organization's employees with the requirements in the field of information security is constantly monitored.

The Organization's management constantly evaluates its activities in accordance with the requirements of ISO/IEC 27001:2013.

The CEO of Inc is committed to performing periodic reviews of the effectiveness of the information security management system and to personal responsibility for its effectiveness, functioning and improvement.

Management guarantees the establishment of conditions and the provision of resources for the implementation of this Policy and calls on all workers to join forces to achieve our goals.