JSC National Company Kazakhstan Temir Zholy carries out such activities as operating the mainline railway network, and rail transport of passengers and freight. The Company’s activity depends on the maintenance of uninterrupted operation of its corporate and local area network. Hence the Company has some requirements for information risks management and information security.
1 In order to ensure information security, the Company has implemented an information security management system in accordance with the international standard ISO/IEC 27001: 2013, the main principles of which are:
1) compliance with the requirements of the legislation of the Republic of Kazakhstan;
2) compliance with the international standard for information security ISO/IEC 27001: 2013;
3) confidentiality, accessibility and integrity of the Company’s information assets;
4) continuity of the Company’s activities;
2 Compliance with the principles of the Company’s information security management system is achieved by performing the following tasks:
1) active participation of the Company’s management in the process of information security management;
2) clear assignment of responsibility between the Company’s employees in terms of information security;
3) development and implementation of the Company’s standards in the field of information security, and control over their execution by the Company’s employees;
4) professional development of the Company’s employees in the field of information security;
5) implementation of measures to assess and manage the Company’s information risks, improve the level of protection of the Company’s information assets;
6) continuous improvement of the information security management system.
The Company’s management shall provide the necessary resources to maintain, monitor, analyze and improve the information security management system.
The tasks of the Company in the field of information security apply to the whole group of the Company and included in the system of business relations with partners.