IT security policy

Our goal is to protect the confidentiality, integrity, availability and traceability of information and the information management tools through security measures within the information security system.
Issues regarding information security are handled with utmost importance. 

  1. To achieve our goals, we operate our information security system in accordance with the MSZ ISO/IEC 27001:2023 standard - we are committed to developing it.
  2. We consistently improve our information security management system.
  3. We prioritise the comprehension and compliance of the related legislations, regulations and data protection laws.
  4. We operate a system based on risk assessment whose primary goal is to identify and evaluate the potential sources of danger and threat as well as to take the necessary countermeasures.
  5. We develop rules in order to deal with potential events while taking the specifics of the systems to be protected into account and keeping in mind the requirements of business continuity.
  6. We make sure to prevent the events of information security when possible. We manage and investigate the causes of incidents related to information security and data protection.
  7. We ensure the physical safety of our tools and infrastructure with the help of up-to-date technical tools and well-prepared professionals.
  8. We continuously improve our system in order to prevent trespassing, unauthorized access, deliberate or accidental errors and possibilites of damages.
  9. In order to increase security, we use up-to-date IT solutions while involving information security experts.
  10. We ensure the confidentiality, integrity and availability of the information and the information processing procedures. We regularly review methods of access and permissions.
  11. We constantly develop the information security awareness of our employees in order to achieve our security policy goals,
  12. The procurement of new information systems and the development of existing systems are carried out while taking information security aspects into account.
  13. In line with the Horváth Group’s practices, IFUA Horváth & Partners Kft. uses artificial intelligence in a number of cases. The use of artificial intelligence, as well as the collection and use of personal data, is subject to data protection requirements and the principles governing artificial intelligence, in particular in accordance with the GDPR and the Act on Artificial Intelligence. We use it exclusively within the framework of lawful data processing, for the purpose of optimizing internal processes, increasing customer satisfaction, and supporting business interests.
  14. We set information security goals, for the sake of improving the maturity and the processes of our information security
  15. We evaluate our information security processes annually on management review workshop.
  16. Our main goal is to achieve and maintain the satisfaction of our partners while providing solutions tailored to their needs and business processes. We continuously develop the quality of our services and our internal operation to accomplish this.