Greece Lean Six Sigma
(In alignment with ISO/IEC 27001:2013 – Information Security Management Systems)

At Greece Lean Six Sigma, we recognize that information—whether belonging to our learners, clients, partners, or organization—is one of our most valuable assets. Our commitment to confidentiality, integrity, and availability of information is central to the trust our stakeholders place in us.

This Information Security Policy defines the principles that govern the protection of data and digital infrastructure in alignment with ISO/IEC 27001:2013, the leading international standard for Information Security Management Systems (ISMS).

Policy Objectives

  1. Safeguard Confidentiality
    Ensure that information is accessible only to authorized individuals. We protect sensitive learner and client data, intellectual property, assessment results, and proprietary course materials against unauthorized access or disclosure.
  2. Ensure Integrity
    Protect the accuracy and completeness of data throughout its lifecycle. Our systems and procedures prevent unauthorized changes, corruption, or loss of business-critical information.
  3. Maintain Availability
    Guarantee that information and systems are accessible when required by authorized users. We employ cloud-based platforms with secure backup, redundancy, and business continuity plans.

Scope of Application

This policy applies to:

  • All employees, contractors, trainers, and partners of Greece Lean Six Sigma
  • All information assets: physical (documents), digital (cloud systems, LMS, emails), or verbal
  • All systems: training platforms, collaboration tools, certification portals, data storage, and communication channels

Commitments & Measures

  1. Risk Management
    We identify, assess, and mitigate risks to our information assets through a structured and regularly updated risk assessment methodology.
  2. Access Control
    User access to systems and information is based on the principle of least privilege. Strong authentication methods, regular password updates, and role-based access policies are enforced.
  3. Asset Classification and Control
    All information is classified by sensitivity level (public, internal, confidential), and appropriate controls are applied.
  4. Incident Management
    We maintain a defined procedure for reporting, investigating, and resolving information security incidents. All incidents are recorded and reviewed to prevent recurrence.
  5. Business Continuity & Backups
    Our digital infrastructure includes:
    • Regular encrypted cloud backups
    • Offsite data recovery
    • Contingency plans to ensure training continuity in case of disruptions
  6. Training & Awareness
    All staff and trainers receive periodic training on information security policies, GDPR compliance, phishing prevention, and digital hygiene practices.
  7. Compliance & Legal Requirements
    Our ISMS complies with applicable legal, regulatory, and contractual obligations, including:
    • GDPR
    • ISO 27701:2019 (Privacy)
    • Requirements from certification bodies and international partners

Policy Review and Governance

  • This policy is part of our ISMS and is reviewed at least annually or upon significant change in risks, systems, or regulations.
  • The ISMS Manager is responsible for oversight and continual improvement.
  • Breaches of this policy may result in disciplinary action or termination of contracts.

Victoria Tsolidou
Founder & Managing Director
Version: 1.0 | Date: 02.05.2024