The company has implemented, monitors and continuously improves information security and service management systems. Company vision is to be the first choice in the provision of IT services and solutions related to data storing, analysis and management systems. Our mission is to contribute to our users’ successful and stable business activities by providing top information technology services and solutions.
The nature of the Comminus d.o.o. business requires exchange of information both internally and externally with clients, partners, and other business stakeholders. To maintain the continuity of our business and services, it is important to take the measures to protect information assets from internal and external, intentional, or accidental threats to confidentiality, integrity, and availability of information. Bearing this in mind, the company management formulates the principles of Information Security and Service Management Policy:
- Define roles and responsibilities in management systems,
- Build relationships and maintain communication with interested parties by understanding their context and needs and expectations,
- Apply information security and service management requirements and measures to ensure compliance with legal, regulatory, and contractual requirements,
- Focus on supplier selection and conduct supplier evaluation,
- Ensure that services are aligned with business goals and organizational and customer priorities,
- Focus on increasing product/service quality to exceed customer expectations,
- Monitor impacts on existing services, service availability during and after change, and impacts on service capacity and continuity,
- Manage changes in accordance with defined management system procedures and policies,
- Manage customer satisfaction and at planned intervals measure customer satisfaction,
- Regularly carry out risk identification, analysis, and assessment,
- Plan and take actions based on the results of the information security and service management risk assessment,
- Ensure appropriate controls and continuous improvement by planning and achieving measurable objectives and monitoring the performance of the systems and applied information security and service management measures,
- Ensure information security and service management awareness, education, and training for employees and other interested parties,
- Ensure the confidentiality of information and protect it from unauthorized access and misuse,
- Maintain the integrity of information to ensure its lasting accuracy and applicability,
- Make information and information systems available to interested parties in accordance with business needs,
- Investigate and analyse incidents and take appropriate actions to address the causes,
- Investigate and analyse vulnerabilities and threats and take appropriate actions to address the causes of threats and reduce risks,
- Develop, maintain, and test recovery plans to prevent potential consequences of incidents and to preserve business continuity if the incident occurs.
In order to meet these obligations and ensure the appropriate level of controls necessary to demonstrate compliance with the adopted processes, our policy is to maintain a functional and effective information security and service management systems which are established, maintained, and improved in accordance with the requirements of the international standards (ISO/IEC 27001 and ISO/IEC 20000-1). The CEO is responsible for communicating the Information Security and Service Management Policy to all personnel working for or on behalf of Comminus d.o.o. and making it available to relevant interested parties.
Zagreb, 05.01.2026.
Matija Zeman, CEO