Information Security Policy

ACS operates in the field of courier services, with the main object of handling mail, small parcels and parcels by any means in Greece and abroad and the provision of ordinary mail services. Through the services offered, ACS collects and processes information necessary for the operations of its customers. The protection of information and its processing systems is of strategic importance for the Company in order to achieve its short-term and long-term goals and at the same time to ensure the smooth operation of the Company itself and its customers' activities.

ACS in accordance with the Information Security requirements defined by the Group through P42 "Group Information Security Policy" while recognizing the criticality of information and information systems in the performance of its business operations, implements an integrated Information Security Management System with the aim of:

• Ensuring the confidentiality, integrity, and availability of the information it manages.
• Ensuring the proper operation of the information systems through which it provides services to its customer base.
• Timely response to incidents that may endanger the operations of the Company.
• Satisfying the legislative and regulatory requirements.
• Continuous improvement of the Information Security level.

For this purpose: 

• The organizational structures necessary for the monitoring of issues related to Information Security are defined.
• The technical measures to control and restrict access to information and information systems are defined.
• The way of classifying the information according to its importance and value is determined.
• The necessary information protection actions during the stages of their processing, storage and handling are described.
• The ways of informing and training the Company's staff and partners in Information Security matters are defined.
• Methods of dealing with Information Security incidents are determined.
• The ways in which the safe continuity of the Company's business operations is ensured in cases of malfunction of information systems or in cases of disasters are described.

ACS carries out at regular intervals risk assessments related to Information Security and takes the necessary measures to address them. It applies a framework for evaluating the effectiveness of Information Security procedures through which performance indicators are determined, their measurement methodology is described, and periodic reports are produced which are reviewed by the Company's Management in order to continuously improve the system.

The Information Security Officer is responsible for controlling and monitoring the policies and procedures related to Information Security and taking the necessary initiatives to eliminate all those factors that can jeopardize the availability, integrity and confidentiality of information managed by the Company.

All employees of ACS and its partners with access to information and information systems of the Company, bear the responsibility of abiding by the rules of the applied Information Security Policy.