DOQSYS BUSINESS SOLUTIONS Ltd. is committed to ensuring the highest level of information security. In our activities, we strictly adhere to relevant standards, regulations, and our customers’ information security requirements, ensuring data protection and operational integrity.

Information security is a fundamental business interest and a key partner expectation, which is why our strategy focuses on protecting IT and other information resources, with particular emphasis on ensuring confidentiality, integrity and availability.

Our professional operations require a flexible framework, which is why internal information flow plays a key role. We make the information necessary for work available to our employees, while ensuring its protection and controlled accessibility. Awareness of and consistent adherence to information security principles is mandatory for all our employees and subcontractors, thus ensuring the safe and sustainable operation of the company.

We design, implement, operate, and control the IT and information systems used in our field of application in such a way that they comply with the relevant legal requirements and include security measures commensurate with the risks arising from a lack of protection.

We ensure the confidentiality, integrity, and availability of information and information processing by developing, implementing, and regularly reviewing identification and control processes, thereby guaranteeing the continuous protection and reliability of our systems.

1. Organizational security

Within the organization, we ensure information security through conscious management, continuous development, and control. We only make information available to third parties in a limited and controlled manner, and we ensure that information security is maintained even when we subcontract certain processes.

2. Our risk management

During risk analysis, we identify our assets and vulnerabilities, then determine the necessary security measures based on the likelihood of threats occurring and their impact. The protective measures we use are proportionate to the business risks and make sure our organization can operate safely.

3. Our employees’ role in information security

All our employees are responsible for maintaining information security, so we make sure they’re aware of the relevant security requirements through ongoing training and checks.

4. Our physical and environmental security

We protect our information assets against unauthorized access, damage, and loss, and we minimize risks arising from environmental impacts.
We reduce the chance of damage to and destruction of information carriers through appropriate physical security measures, and we take steps to prevent security threats.

5. Our communication and operational security

We ensure the secure operation of information processing equipment through documented operating procedures and continuous monitoring. We provide protection against malicious software and system attacks, and monitor system status and network security.

6. Our access and authorization principles

We regulate access rights based on business and security requirements. We monitor and, if necessary, review all logins and access operations, thereby ensuring the protection of information and preventing unauthorized access.

7. Development and maintenance of our information systems

We procure new information systems and develop existing systems in such a way that they fully comply with information security requirements.

8. Handling information security incidents

We handle information security incidents according to structured and consistent procedures, with clearly defined responsibilities.
Our goal is to keep critical business processes going even in the event of major failures and disasters. We carry out recovery and restoration processes based on predefined plans.

9. Legal compliance

Our organization complies with applicable laws, contractual obligations, and regulatory requirements, regularly reviewing our information security system.

10. Commitment

The management of DOQSYS BUSINESS SOLUTIONS Ltd. is committed to maintaining and continuously improving the principles of its information security policy. We operate a management system that complies with the ISO 27001 standard, which ensures the confidentiality, integrity, and availability of information.

11. Scope and applicability

The scope of application of DOQSYS BUSINESS SOLUTIONS ZRT.’s information security management system is as follows:

• Expert and consulting services for software sales, implementation and support to support corporate digitization;

• Expert and consulting services related to cloud-based procurement, e-procurement, e-public procurement processes and system implementation;

• Expert and consulting services related to cloud-based supplier invoice management processes and system implementation;
• Outsourced intelligent data extraction, authentic electronic conversion and archiving services for supplier invoices and other documents;

The territorial, personal and material scope of the information security management system of DOQSYS BUSINESS SOLUTIONS Ltd.

Territorial scope:

• Budapest, Danubius Office Building, Babér u. 1, 1131

Personal scope:

It covers all employees of the organization who act on the basis of job responsibilities or individual assignments, as well as all contractual partners who are involved in the organization’s information security management system.

Material scope:

• All data – All data managed by the organization, regardless of how it was created, how it is used, where it is processed, and how it is displayed.
• Hardware and software tools – Any IT tools used by participants covered by the “Personal scope”, including equipment owned, operated, or leased by the organization.
• Software and systems – System programs and user programs that ensure the organization’s IT operations and support its processes.
• Procedures and regulations – The set of rules, procedures, and guidelines that define the operation of the information security system and ensure the secure management, protection, and use of IT systems, tools, and data.

 By signing this document, I personally confirm our commitment to our Information Security Policy.

Budapest, October 1, 2024.