The company LITOU & CO, LP, with the distinctive title LEFKAS TRANSFER responding to the requirements of modern business reality and aiming to protect the integrity, confidentiality and availability of the information it manages, always aiming to provide uninterrupted and exemplary services to its Clients, decided to design and install an Information Security Management System in accordance with the requirements of the International Standard ISO 27001:2013.

The company's Security Management System covers "Transportation of passengers by TAXI, VAN, MINI BUSES and buses. Tourist enterprises." and has been designed in accordance with the needs and objectives of the Company and the Legal and Regulatory Requirements of the current Greek and Community Legislation.

The main objectives, as expressed within the procedures of the company's Information Security Management System, are:

• the creation of a basis for the continuous improvement of the efficiency of its processes, aiming at the continuous satisfaction of the needs and expectations of its customers to the maximum extent possible,
• to minimize the number of incidents that may affect the continuity of business processes, and to reduce their impact as far as possible,
• the handling of the information managed by the Company in a way that protects its security in terms of confidentiality, integrity and availability,
• the Company's compliance with the laws and regulations to which it is subject,
• the continuous improvement of the system.

Management's objective in both information security and personal data protection matters is to comply with the following principles:

• Processing of personal data in a fair and lawful manner
• Retention of personal data for clearly defined purposes
• Limitation of personal data to what is strictly necessary for the achievement of those purposes
• Protection of personal data through adequate security measures
• Retention of personal data for a certain period of time (depending on the purposes).

The company's system is regularly reviewed by the Management, in order to adapt to new needs and market developments, to legislative requirements, but also to achieve the objective of continuous improvement of the Company's operations.

The Management is committed to providing the infrastructure and equipment deemed necessary for the implementation and availability of its work. Each employee is responsible for responding to, assimilating and implementing the procedures required by the Information Security Management System through their daily activities. For this reason, all employees, depending on their responsibilities, are informed about the System and act in accordance with the established security and confidentiality rules.

The Information Security Policy is communicated, understood and applied by all human resources, with the ultimate goal of continuous, steady growth of its business activity, with unwavering commitment to its principles and the continuous offer to its customers services of excellent quality and maximum security. It is reviewed at regular intervals in order to ensure that it is constantly in line with market conditions, technological developments and the legislation in force.

Processes, flows and actions that do not guarantee the fulfilment of the objectives set are immediately stopped by those responsible, root cause analyses are carried out and the required improvement measures are defined.

Download pdf.