Information Security Policy

1. Purpose

The Information Security Policy aims to present, both internally and to external interested parties, the scope and key elements of the company's Information Security Management processes as part of the Integrated Management System (IMS).

The Information Security Policy complies with the requirements of ISO 27001:2022.

2. Scope

This policy applies to all ASTAT activities, whether within regulated or non-regulated business.

3. Responsibilities

Adherence to this policy is mandatory and non-negotiable for all ASTAT employees, to ensure the protection of the company's data against Confidentiality, Integrity and Availability risks. The Managing Director is responsible for approving and reviewing the current policy.

4. Policy analysis

4.1 Information Security Policy

The Company ASTAT is a provider of scientific research and development services in the medical sector. The Company applies an Information Security Policy as part of an Integrated Management System across all of its areas of activity.

The Integrated Management System has been developed and is applied with the objective of:

  • Being the key mechanism for the Company's optimal organization and operation, while also determining the Company's context
  • Identifying the interested parties that are relevant to the management system and their requirements as they are critical to the security of the information managed by the Company
  • Ensuring the proper management of information processing
  • Ensuring the business continuity of the processes that have been identified as critical
  • Determining and addressing opportunities and risks associated with the operational environment, thereby enhancing the security level
  • Ensuring a quick, effective and orderly response to information security incidents
  • Ensuring that persons doing work under the Company's control have the required level of awareness and understanding of issues relating to information security, networks and infrastructures.

The Company is committed to satisfying the requirements (legal and customers’ specifications) that apply to its services, to information management and to the continual improvement of the Integrated Management System.

The Company applies the system and maintains the certification according to ISO 27001:2022 for the scope:

“Statistical design and analysis – Provision of statistical analysis training services”

The Managing Director, taking into account any technological developments and changes in the legal framework related to data protection issues, establishes a series of objectives relating to the improvement of performance and of the security level. The objectives and the actions taken to achieve them, such as the establishment of new objectives, are examined during the annual management review of the Integrated Management System.

The Managing Director invests consistently in technical and operational interventions in order to ensure the continual improvement of the security level.

All parties involved in ASTAT operations are required to comply with the Integrated Management System.

The Information Security Policy is reviewed annually during the management review, in order to ensure its suitability.

The Information Security Policy is at the disposal of every interested party.

Managing Director

15/03/2025

5. Version History

Version   Date         Description of Changes
1st       01/03/2023   Initial Issuance of Documentation
2nd       15/03/2025   Transition to the new version of ISO 27001:2022