Information Security Policy

Preparing and implementing a comprehensive information security policy contributes towards protecting key business processes and information within companies and facilitates employee workload by giving them a better understanding of the security rules of the organisation wherein they work.

By preparing information security policies, S&T Slovenia can reduce the degree of risk involved in information security to an acceptable level. By employing top experts in both the preparation of information security policies as well as in their introduction into practical use, S&T Slovenia has successfully carried out numerous projects related to the preparation of information security policies.


The purpose of information security is to ensure business continuity, limit business loss, ensure compliance with legislation, protect the company’s goodwill and market reputation, and to prevent and reduce the consequences of security events.

Advantages of introducing a security policy:


  • Greater information system security
  • Protection of key business processes
  • Streamlined employee work
  • Familiarity with the current status of the IT system and tips for improvement



In addition to having a written security policy, executing it and monitoring its effectiveness is essential in improving information security.

The information security policy aims to reduce business risks and to determine rules, roles and responsibilities in the area of information security. An information security policy entails the processes involved in ensuring the pre-planned protection levels, including the process for methodically evaluating and improving information protection.

An information-related disaster in the company – ruin or a lesson for the future?

Just imagine what would happen to your company if there was a longer Internet outage, with the Web, e-mail and key applications unavailable; or if you were to lose all your data; or if your commercial secrets were revealed online; or if your intellectual property, patents and other confidential data were stolen. Would this leave your company “only” at an economic disadvantage or would your company be forced to file for bankruptcy?

Many international studies have shown that, if a company loses all its data, its chance of surviving the disaster is only six percent. Without having an established policy on the protection of information in place, if your company was to experience any other large-scale information disaster, its chance of surviving would only be around fifty percent.