PRAGMA IoT, responding to the requirements of the modern business environment and aiming to protect its information systems, always with the goal of uninterrupted and exemplary service to its Clients, adopts and implements a comprehensive “Information Security & Privacy Management System”, which is fully aligned with the international standards EN ISO 27001:2022 and EN ISO 27701:2019, in order to:

• Ensure the confidentiality, availability, and integrity of the information managed by the Company.
• Be able to immediately address any incident that is reported or detected and may indicate a breach of confidentiality, integrity, or availability.
• Minimize the impact that information security incidents may have on the Company’s reliability and reputation with its clients.

The Company’s Information Security Management System covers the following scope:
“Study, Design, Development and Implementation of Hardware and Software ICT Solutions – Provision of Consulting Services / Study, Implementation and Management of ICT Projects.”
It is designed in accordance with the needs and objectives of the Company, the Legal and Regulatory Requirements of applicable Greek and European legislation, contractual obligations, and the requirements of the standard related to information security.

The main objectives, as expressed within the procedures of the Company’s Information Security & Privacy Management System, are:

• The establishment of a basis for the continuous improvement of the effectiveness of its processes, with the aim of consistently meeting customer needs and expectations to the maximum possible extent.
• The reduction of the impact of events that may affect the Company’s business continuity through our timely response to situations related to information security.
• The Company’s compliance with the laws and regulations to which it is subject.
• Our commitment to strictly adhere to our legal, regulatory, and contractual obligations, acting with ethics, integrity, and respect toward society and our clients.
• The handling of information, stored and transmitted in any way through the Company’s electronic and non-electronic systems, which constitutes data of exceptional importance for its operation and market position, in a manner that protects its security in terms of confidentiality, integrity, and availability.
• The continuous improvement of the Information Security & Privacy Management System.

The information security objectives are aligned with the strategic goals of the Company, while the Company ensures that the resources required for the ISMS are available.

The Management’s objective regarding the protection of personal data is the adherence to the following principles:

• Processing of personal data in a fair and lawful manner.
• Personal data shall be maintained in a lawful and fair manner and in a lawful and fair manner.
• Ensuring the confidentiality of personal data that are processed, stored, or transferred electronically or physically through the personnel and information systems of our Company.
• Personal data must be kept strictly limited to what is absolutely necessary for the achievement of the intended purposes.
• Protection of personal data through appropriate security measures.
• Retention of personal data for a defined period of time (depending on the purposes).

The Company’s System is reviewed at regular intervals by Management in order to adapt to new needs and market developments, legislative requirements, and the achievement of the Company’s information security objectives. The Information Security & Privacy objectives are reviewed annually and adjusted if required.

Management is committed to providing the necessary resources for the implementation of its work and the application of the IS&PMS.

Every employee is responsible for responding to, assimilating, and implementing the procedures required by the Information Security & Privacy Management System in their daily activities.

For this reason, all employees, depending on their responsibilities, are informed about the System and demonstrably act in accordance with the established security and confidentiality rules.

The Information Security & Privacy Policy is available, understandable, and applicable by all personnel, with the ultimate goal of the continuous and stable development of its business activity, with unwavering commitment to its principles and the continuous provision of services of excellent quality and maximum security to its clients. It is reviewed at regular intervals with the aim of its continuous alignment with market conditions, technological developments, and applicable legislation.

Pragma-IoT underlines its commitment to providing high quality services by continuously striving to improve operations and deliverables for the benefit of customers, employees and stakeholders and to improve its overall business performance.

To achieve this goal, we have established an integrated Quality Management System, based on the following principles:

• Customer focus: we understand the needs and expectations of our customers, offering customized solutions that add value and optimize their operations.
• Continuous Improvement:We promote a culture of continuous improvement of our processes, products and services, keeping abreast of technological developments and market requirements.
• Specialisation & Human Resources: We invest in our people, who are our greatest asset, by providing continuous training and encouraging collaboration, creativity and professional development.
• Compliance with Regulations & Standards:We are committed to complying with legislation, regulatory requirements and international quality standards in accordance with ISO 9001, ensuring compliance in all our business activities.
• Risk Management & Opportunities: We identify, assess and manage risks and opportunities that may affect the quality of our services, aiming to continuously improve our business performance.
• Privacy & Data Security:We respect and protect our customers’ information by implementing appropriate security measures and complying with applicable data protection regulations.

The Management of Pragma-IoT is committed to providing the necessary resources to maintain and improve the Quality Management System, with the aim of continuously increasing customer satisfaction and strengthening the competitiveness of the company.

The Quality Policy is regularly reviewed to ensure its relevance and effectiveness, taking into account developments in the business environment and stakeholder requirements.

Driven by responsibility, innovation and continuous improvement, Pragma-IoT is committed to providing high quality solutions that contribute to the sustainable development of its customers and the communities in which it operates.

PRAGMA IoT, recognizing the increased demands of the modern business environment and the importance of the continuous provision of critical services to its Customers, adopts and implements a comprehensive Business Continuity Management System (BCMS), fully aligned with the international standard EN ISO 22301:2019.
The objectives of the System are:

• ensuring the continuous operation of critical services and processes,
• the immediate and effective response to incidents or crises,
• the reduction of operational, technological and reputational risks,
• the rapid restoration of operations within predefined timeframes,
• strengthening organizational resilience through training, testing and continuous improvement.

The Company’s Business Continuity Management System (BCMS) covers the following scope:
“Study, Design, Development and Implementation of IT Hardware and Software Solutions – Provision of Consulting Services / Study, Implementation and Management of IT projects.”
It has been designed in accordance with the needs and objectives of the Company, the Legal and Regulatory Requirements of the applicable Greek and EU Legislation, contractual obligations, and the requirements of ISO 22301 related to the maintenance of business continuity.

Management is committed to providing the necessary resources for the implementation and improvement of the System, while all employees must be aware of and follow the established procedures within the context of their daily activities.

The Business Continuity Policy is available to all personnel, is regularly reviewed, and aims to ensure the reliability, resilience and sustainable development of PRAGMA IoT.