Purpose

Information security within the Generali Osiguranje Montenegro is the protection of information and property from potentially high risks of security breach (internal or external, accidental or intentional) through establishment, implementation, execution, supervision, examination, maintenance and improvement of information security management system ( ISMS ) to ensure business continuity, reduce business risk, increase customer satisfaction and increase revenue from investments and business opportunities.

The implementation of this policy and rules is important for maintaining confidentiality, integrity and availability of the information system intended for providing service to the Company's employees and other stakeholders.

The Policy provides and guarantees the following:

• Information will be protected against unauthorized access;
• Information confidentiality will be at an adequate level;
• Information will not be disclosed to unauthorized persons either accidentally or intentionally;
• Integrity of information will be maintained through protection against unauthorized modification;
• Possibility of access and modification of information by authorized persons when needed;
• Compliance with all regulationsa nd requirements of supervisory authorities;
• Support of the policy through continuous business plans that will be set, maintained and continually tested in practice;
• Training is provided through all organizational units of the Company;
• All violations of safe handling of information are examined and investigated

Intended use

All employees are responsible for implementing information security policy and they must provide support to the management of the Company that have adopted the policy and business rules in order to protect information security.

Implementation of information security management system is carried out in accordance with the requirements of ISO 27001:2013, without exclusions.

Objectives

Within Generali Osiguranje Montenegro, the following protection objectives are obligatory:

• Confidentiality - refers to data or information is not made available or disclosed to unauthorized persons, entities or processes.
• Availability - refers to data or information is accessible and useable upon demand by an authorized person or process.
• Integrity - refers to data or information that have not been altered or destroyed in an authorized or unauthorized manner, in terms of accuracy and completeness.
• Data Privacy - refers to controls to protect personal identifiable information (incl. data of customers, prospect clients and employees) in accordance with local Data Privacy Law and internal policies.

The Information Security Policy is a document that further extends the guidelines and methods of dealing with the security of General Osiguranje Montenegro. Policy is available to all employees and interested parties.