{"id":135383,"date":"2024-03-22T12:55:34","date_gmt":"2024-03-22T12:55:34","guid":{"rendered":"https:\/\/bdm-stg.mda.pl\/security-policy-of-information-systems-of-budimex-sa-suppliers\/"},"modified":"2025-07-07T23:16:14","modified_gmt":"2025-07-07T22:16:14","slug":"security-policy-of-information-systems-of-budimex-sa-suppliers","status":"publish","type":"page","link":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/","title":{"rendered":"Security policy of information systems of Budimex SA suppliers"},"content":{"rendered":"\n<section id=\"block_0ce169bbb491b01ef9c3a3b897e1d91b\" class=\"title-section section-margin-72\">\n    <div class=\"container\">\n        <div class=\"row\">\n            <div class=\"col-24\">\n                <div class=\"title-section__title\">\n                    <h2 class=\"typo-h2\">Security policy of information systems of Budimex SA suppliers<\/h2>\n                <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n<section id=\"block_b849487c30ba2b14e48be7a8e36c3277\" class=\"faq-section section-margin-56\" data-faq>\n    <div class=\"container\">\n                <div class=\"row\">\n            <div class=\"col-24 \">\n                <ul class=\"faq-section__list\">\n                                    <li class=\"faq-section__single\">\n                        <button class=\"faq-section__item\" data-faq-item>\n                            <div class=\"faq-section__question\">\n                                <div class=\"faq-section__questionText\">\n                                    <p class=\"typo-h5 f-700 color-dark-100\">1. 
PURPOSE<\/p>\n                                <\/div>\n                                <div class=\"faq-section__questionToggle\">\n                                    <span class=\"icon icon-triangle-down d-flex\"><\/span>\n                                <\/div>\n                            <\/div>\n                            <div class=\"faq-section__answer\">\n                                <div class=\"typo-18 color-dark-100\" data-faq-item-answer><p style=\"text-align: justify\"><span style=\"font-weight: 400\">The purpose of the document is to\u00a0define the obligations and responsibilities of the Budimex Supplier (and its employees) in\u00a0the protection of Budimex information assets, to\u00a0which the Supplier will have access and which it will process in\u00a0the course of providing its services.<\/span><\/p><\/div>\n                            <\/div>\n                        <\/button>\n                    <\/li>\n                                    <li class=\"faq-section__single\">\n                        <button class=\"faq-section__item\" data-faq-item>\n                            <div class=\"faq-section__question\">\n                                <div class=\"faq-section__questionText\">\n                                    <p class=\"typo-h5 f-700 color-dark-100\">2. 
SCOPE<\/p>\n                                <\/div>\n                                <div class=\"faq-section__questionToggle\">\n                                    <span class=\"icon icon-triangle-down d-flex\"><\/span>\n                                <\/div>\n                            <\/div>\n                            <div class=\"faq-section__answer\">\n                                <div class=\"typo-18 color-dark-100\" data-faq-item-answer><p style=\"text-align: justify\"><span style=\"font-weight: 400\">This document constitutes the Information Systems Security Policy for Budimex SA Suppliers, hereinafter referred to\u00a0as\u00a0the \u201cPolicy\u201d.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The provisions contained below regulate two basic areas of information security:<\/span><\/p>\n<ul>\n<li style=\"text-align: justify\"><span style=\"font-weight: 400\">provision of services by\u00a0the Supplier using IT systems entrusted by\u00a0Budimex and\/or IT systems connected to\u00a0Budimex\u2019s infrastructure,<\/span><\/li>\n<li style=\"text-align: justify\"><span style=\"font-weight: 400\">provision of services by\u00a0the Supplier using its own IT systems, but processing information owned or\u00a0for which Budimex is responsible (e.g. personal data of Budimex employees).<\/span><\/li>\n<\/ul><\/div>\n                            <\/div>\n                        <\/button>\n                    <\/li>\n                                    <li class=\"faq-section__single\">\n                        <button class=\"faq-section__item\" data-faq-item>\n                            <div class=\"faq-section__question\">\n                                <div class=\"faq-section__questionText\">\n                                    <p class=\"typo-h5 f-700 color-dark-100\">3. 
LIABILITY<\/p>\n                                <\/div>\n                                <div class=\"faq-section__questionToggle\">\n                                    <span class=\"icon icon-triangle-down d-flex\"><\/span>\n                                <\/div>\n                            <\/div>\n                            <div class=\"faq-section__answer\">\n                                <div class=\"typo-18 color-dark-100\" data-faq-item-answer><p style=\"text-align: justify\"><span style=\"font-weight: 400\">Budimex SA makes every effort to\u00a0ensure the effective and safe functioning of the company in\u00a0order to\u00a0best meet the needs of the Company\u2019s customers, shareholders and employees. A\u00a0manifestation of special diligence on\u00a0the part of the management of Budimex SA is the minimisation of operational risk, among other things by\u00a0ensuring an appropriate level of security of the processed information assets. To\u00a0this end, the management of Budimex SA decided to\u00a0implement the rules on\u00a0information security.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">This document expresses Budimex\u2019s intention, resulting from the adopted Information Security Policy, to\u00a0ensure the security of the information assets made available to\u00a0and processed by\u00a0Budimex\u2019s Suppliers.<\/span><\/p><\/div>\n                            <\/div>\n                        <\/button>\n                    <\/li>\n                                    <li class=\"faq-section__single\">\n                        <button class=\"faq-section__item\" data-faq-item>\n                            <div class=\"faq-section__question\">\n                                <div class=\"faq-section__questionText\">\n                                    <p class=\"typo-h5 f-700 color-dark-100\">4. 
DEFINITIONS<\/p>\n                                <\/div>\n                                <div class=\"faq-section__questionToggle\">\n                                    <span class=\"icon icon-triangle-down d-flex\"><\/span>\n                                <\/div>\n                            <\/div>\n                            <div class=\"faq-section__answer\">\n                                <div class=\"typo-18 color-dark-100\" data-faq-item-answer><p style=\"text-align: justify\"><span style=\"font-weight: 400\">Information assets \u2013 information and systems, infrastructure, devices and software used to\u00a0process information.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Information security \u2013 ensuring the confidentiality, integrity and availability of IT assets.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Personal data \u2013 any information relating to\u00a0an identified or\u00a0identifiable natural person, directly or\u00a0indirectly.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Security incident \u2013 an undesirable event or\u00a0series of events that creates a\u00a0significant probability of disrupting business operations and may have a\u00a0negative impact on\u00a0the security of information assets.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Information \u2013 any information, regardless of its form, i.e. in\u00a0electronic form, recorded in\u00a0paper form, transmitted orally.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Classified information \u2013 a\u00a0term defined in\u00a0the Act of 5 August 2010 on\u00a0the protection of classified information. 
It means information that requires protection against unauthorized disclosure as\u00a0constituting a\u00a0state or\u00a0official secret, regardless of the form and manner of its expression.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Information processing \u2013 any action performed on\u00a0information, such as\u00a0creating, collecting, recording, storing, reading, changing, sharing, deleting, etc.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">User \u2013 anyone who has access to\u00a0Budimex\u2019s information assets \u2013 users are employees, temporary employees, consultants, trainees, customers, etc.<\/span><\/p><\/div>\n                            <\/div>\n                        <\/button>\n                    <\/li>\n                                    <li class=\"faq-section__single\">\n                        <button class=\"faq-section__item\" data-faq-item>\n                            <div class=\"faq-section__question\">\n                                <div class=\"faq-section__questionText\">\n                                    <p class=\"typo-h5 f-700 color-dark-100\">5. DESCRIPTION OF THE PROCEDURE \u2013 GENERAL PRINCIPLES<\/p>\n                                <\/div>\n                                <div class=\"faq-section__questionToggle\">\n                                    <span class=\"icon icon-triangle-down d-flex\"><\/span>\n                                <\/div>\n                            <\/div>\n                            <div class=\"faq-section__answer\">\n                                <div class=\"typo-18 color-dark-100\" data-faq-item-answer><p style=\"text-align: justify\"><b>5.1. Compliance with the Policy<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.1.1. The Policy is part of the rules and procedures governing the relationship between the Parties. The policy is subject to\u00a0periodic review. 
Compliance with the Policy is a\u00a0condition for the provision of services to\u00a0Budimex in\u00a0accordance with the contract.<\/span><\/p>\n<p style=\"text-align: justify\"><b>5.2. Legal Compliance<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.2.1. The parties must comply with the laws and regulations relating to\u00a0Information Technology.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.2.2. It is forbidden to\u00a0use the resources of the IT Systems resulting in\u00a0the infringement of intellectual property rights.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.2.3. Installing software or\u00a0saving any other materials in\u00a0the IT System entrusted by\u00a0Budimex that have not been obtained in\u00a0a\u00a0way that authorises Budimex to\u00a0use them is contrary to\u00a0the Policy.<\/span><\/p>\n<p style=\"text-align: justify\"><b>5.3. Proprietary Rights and Protection of Information Stored in\u00a0Electronic Form.<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.1. Data and information stored, processed and\/or transferred through the IT Systems belonging to\u00a0Budimex are under constant control. The control includes methods such as: interception, monitoring, entry in\u00a0the event log and inspection. The purpose of the constant control is to\u00a0protect the interests of Budimex and the Supplier.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.2. The data and information are the property of Budimex or\u00a0the Supplier and must be\u00a0treated like any other company property.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.3. 
Data and information concerning Budimex, stored on\u00a0any media or\u00a0in\u00a0IT Systems, may not be\u00a0deleted without authorisation and should be\u00a0deleted\/destroyed only with the consent and in\u00a0a\u00a0manner agreed with the data owner.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.4. The data and information entrusted to\u00a0the Supplier or\u00a0generated by\u00a0the Supplier in\u00a0the course of providing services to\u00a0Budimex and those under the Supplier\u2019s control must be\u00a0adequately protected by\u00a0the Supplier against destruction, damage and unauthorised access using available means.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.5. The provider must at\u00a0all times have appropriate protection mechanisms in\u00a0place according to\u00a0the systems under its control and the data\/information contained therein. The supplier is fully responsible for creating regular backup copies of Budimex data placed on\u00a0mobile computer equipment. Data and information should be\u00a0stored on\u00a0portable computers only in\u00a0the minimum amount and only for the time necessary to\u00a0perform the scope of services provided. Whenever possible, data should be\u00a0stored on\u00a0network drives.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.6. Portable computer equipment containing significant and\/or confidential data and information concerning Budimex must at\u00a0all times be\u00a0equipped with technologies approved by\u00a0the Parties to\u00a0block unauthorised access.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.7. Without Budimex\u2019s written consent, data belonging to\u00a0Budimex may not be\u00a0processed or\u00a0stored on\u00a0equipment that does not belong to\u00a0Budimex (e.g. 
on\u00a0home computers).<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.8. The period and method of storing electronic data in\u00a0the IT System must be\u00a0consistent with the assumptions adopted for a\u00a0given system (document retention).<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.9. Equipment that has not been approved by\u00a0Budimex cannot be\u00a0connected to\u00a0the Budimex IT System. Connecting business or\u00a0private mobile phones to\u00a0Budimex IT Systems is prohibited.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.10. You cannot transmit secret or\u00a0confidential information over the Internet. Important information (non-secret and non-confidential) received or\u00a0sent over the Internet must be\u00a0encrypted in\u00a0accordance with the recommendations of the applicable Security Policy.<\/span><\/p><\/div>\n                            <\/div>\n                        <\/button>\n                    <\/li>\n                                    <li class=\"faq-section__single\">\n                        <button class=\"faq-section__item\" data-faq-item>\n                            <div class=\"faq-section__question\">\n                                <div class=\"faq-section__questionText\">\n                                    <p class=\"typo-h5 f-700 color-dark-100\">6. 
DESCRIPTION OF THE PROCEDURE \u2013 RULES CONCERNING THE SYSTEMS MADE AVAILABLE TO&nbsp;THE SUPPLIER BY&nbsp;BUDIMEX<\/p>\n                                <\/div>\n                                <div class=\"faq-section__questionToggle\">\n                                    <span class=\"icon icon-triangle-down d-flex\"><\/span>\n                                <\/div>\n                            <\/div>\n                            <div class=\"faq-section__answer\">\n                                <div class=\"typo-18 color-dark-100\" data-faq-item-answer><p style=\"text-align: justify\"><b>6.1. The use of information technology for business purposes.<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.1.1. The Supplier\u2019s employees, who are users of IT systems provided by\u00a0Budimex, may occasionally use the said resources for private purposes. This type of use must not interfere with the performance of official duties or\u00a0be\u00a0contrary to\u00a0Budimex\u2019s interest.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.1.2. The Supplier may not use the resources of the IT Systems provided by\u00a0Budimex for gainful employment for an entity other than Budimex.<\/span><\/p>\n<p style=\"text-align: justify\"><b>6.2. Control of access to\u00a0information from electronic sources.<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.1. Control of access to\u00a0information stored in\u00a0Budimex IT Systems is mandatory. For each System, Users are granted access authorization to\u00a0the extent necessary to\u00a0perform their work.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.2. Access is controlled by\u00a0means of individual identifiers and passwords, which clearly identify the User in\u00a0the IT System and protect against unauthorized access.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.3. 
Passwords are created according to\u00a0specific rules regarding their length, structure and frequency of changes.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.4. Passwords must be\u00a0kept secret and must not be\u00a0disclosed to\u00a0others. If the User performing the Provider\u2019s obligation provides the password to\u00a0another person, the Provider remains fully responsible for the inviolability and confidentiality of the information entrusted to\u00a0him. Password protection is in\u00a0the interest of both Budimex and the Supplier.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.5. The User whose ID\u00a0and password have been used to\u00a0gain unauthorized access to\u00a0the IT System shall be\u00a0considered as\u00a0the person who has used the resources of this System in\u00a0an unauthorized manner.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.6. If you leave your workstation for a\u00a0while, lock the computer console (e.g. in\u00a0Windows use the CTRL-ALT-DEL + ENTER keys) to\u00a0prevent unauthorized use of the computer.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.7. In\u00a0the case of adding new Users to\u00a0the IT System, Budimex\u2019s consent is required.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.8. Budimex will change the User\u2019s password only on\u00a0the basis of the request of an authorised person, without disclosing the previous password.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.9. It is forbidden to\u00a0use IT Systems owned by\u00a0Budimex or\u00a0third parties without the consent of the person who is authorised to\u00a0issue such permits.<\/span><\/p>\n<p style=\"text-align: justify\"><b>6.3. 
Protection of the shared resources of the Information Systems.<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.3.1. The Supplier may not modify devices belonging to\u00a0Budimex, e.g. by\u00a0installing computer components, software or\u00a0in\u00a0any other way without the written authorisation of the Budimex employee responsible for it.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.3.2. The supplier should constantly take care of the Budimex equipment entrusted to\u00a0him, and in\u00a0particular take care of protection against theft, prevent damage during transport or\u00a0handling, properly store at\u00a0the right temperature and not expose it to\u00a0magnetic fields or\u00a0bad weather conditions.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.3.3. Particular care should be\u00a0taken when handling materials on\u00a0exchangeable media (e.g. CD-ROM, etc.) which have been created or\u00a0used outside the Budimex IT System. Media from a\u00a0dubious or\u00a0unknown source cannot be\u00a0used on\u00a0equipment owned by\u00a0Budimex. All such materials should be\u00a0scanned with an antivirus program and\/or tested by\u00a0the Budimex IT Office before use.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.3.4. All software installations on\u00a0Budimex computers are carried out by\u00a0Budimex. Only with the written consent of Budimex can the installation of legal software for business use by\u00a0persons who are not Budimex employees be\u00a0carried out.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.3.5. Installation and\/or use of private software\/files on\u00a0IT equipment entrusted by\u00a0Budimex is prohibited.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.3.6. 
The computer equipment entrusted by\u00a0Budimex must always have the latest version of the antivirus software provided by\u00a0Budimex installed and active. The instructions provided by\u00a0Budimex regarding virus prevention and possible elimination of viruses that have penetrated the Budimex IT System must be\u00a0followed. If an incorrect operation of the antivirus program is noticed, the User must immediately report this fact to\u00a0the Budimex IT Office.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.3.7. Any identified cases of threat, breach and weakening of the security of IT Systems or\u00a0the operation of software unauthorised by\u00a0Budimex (security incidents) must be\u00a0immediately reported to\u00a0the Budimex IT Office.<\/span><\/p>\n<p style=\"text-align: justify\"><b>6.4. Sending messages electronically.<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.4.1. Budimex\u2019s corporate electronic mail, which may be\u00a0made available to\u00a0users for whom the Supplier is responsible, is an official means of communication in\u00a0Budimex and is treated as\u00a0business mail.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.4.2. The User, for whom the Supplier is responsible, may not present private opinions and judgments as\u00a0Budimex\u2019s position when sending messages by\u00a0electronic means.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.4.3. Only electronic message exchange systems approved by\u00a0Budimex can be\u00a0used on\u00a0computers entrusted by\u00a0Budimex.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.4.4. On\u00a0computers entrusted by\u00a0Budimex, external services provided via the Internet (e.g. Hotmail, Yahoo, WP, ONET, chat and instant messengers, etc.) 
cannot be\u00a0used to\u00a0send or\u00a0receive messages.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.4.5. In\u00a0order to\u00a0prevent the operation of malicious software (e.g. viruses) that may get into the Budimex IT System, it is necessary to\u00a0immediately delete any unexpected mail with attachments from an unknown sender. Attachments in\u00a0such a\u00a0message cannot be\u00a0opened.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.4.6. The distribution of e-mails in\u00a0the Budimex corporate e-mail system must be\u00a0limited only to\u00a0persons who should know their content or\u00a0to\u00a0persons directly related to\u00a0the content of the message. Distribution lists should not be\u00a0used except when all recipients meet the above criteria.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.4.7. In\u00a0the Budimex corporate e-mail system, it is necessary to\u00a0avoid sending messages with large attachments to\u00a0a\u00a0large group of people via distribution lists. You should use the compression software provided by\u00a0Budimex to\u00a0limit the size of large attachments and\/or send several messages.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.4.8. The size of the entrusted Budimex corporate mailbox is subject to\u00a0a\u00a0limit. The User, for whom the Provider is responsible, is obliged to\u00a0regularly delete outdated messages.<\/span><\/p>\n<p style=\"text-align: justify\"><b>6.5. Internet.<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.5.1. In\u00a0order to\u00a0provide the services covered by\u00a0the agreement, it may be\u00a0necessary for Budimex to\u00a0provide the Supplier with access to\u00a0the Internet. 
Such access will be\u00a0subject to\u00a0the restrictions of the Budimex SA Information Security Policy. Access to\u00a0the Internet from the devices and\/or infrastructure made available by\u00a0Budimex is permitted only through solutions provided and approved by\u00a0Budimex.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.5.2. Under no\u00a0circumstances may the User, for whom the Supplier is responsible, connect the equipment entrusted to\u00a0him to\u00a0the Internet or\u00a0other networks via cables, dial-up modems or\u00a0wirelessly without the safeguards required by\u00a0the applicable Information Security Policy of Budimex SA. Each connection of computer equipment entrusted by\u00a0Budimex to\u00a0a\u00a0computer network not belonging to\u00a0the Budimex Group must be\u00a0individually approved by\u00a0Budimex.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.5.3. Budimex reserves the right to\u00a0monitor all types of Internet connections involving devices connected to\u00a0Budimex IT Systems and to\u00a0block access to\u00a0services and websites that are deemed to\u00a0be\u00a0inconsistent with the Information Security Policy of Budimex SA.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.5.4. The User for whom the Provider is responsible may not:<\/span><\/p>\n<ul style=\"text-align: justify\">\n<li><span style=\"font-weight: 400\"> attempt to\u00a0bypass security, access control, or\u00a0content filtering mechanisms on\u00a0the Internet exit gateway,<\/span><\/li>\n<li><span style=\"font-weight: 400\"> deliberately disrupt the functioning of the network, e.g. 
by\u00a0sending computer viruses, using hacking practices and sending large amounts of data blocking the network and hindering the work of other users,<\/span><\/li>\n<li><span style=\"font-weight: 400\"> disclose or\u00a0publish secret or\u00a0proprietary company information over the Internet, such as: financial information, new ideas or\u00a0ideas related to\u00a0the company, marketing strategies and plans, databases and information contained therein, customer lists, software source codes, computer\/network access codes and business affiliations, etc.,<\/span><\/li>\n<li><span style=\"font-weight: 400\"> use the Internet, e-mail or\u00a0other tools in\u00a0order to\u00a0create legal or\u00a0contractual obligations without the required authorisation of the Management Board of Budimex,<\/span><\/li>\n<li><span style=\"font-weight: 400\"> use resources in\u00a0another improper manner specified by\u00a0Budimex.<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify\"><b>6.6. Inappropriate material.<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.6.1. The Supplier may not use the computer equipment, devices and rooms provided by\u00a0Budimex to\u00a0view, process, create and\/or distribute materials among employees or\u00a0anyone outside Budimex that contain content:<\/span><\/p>\n<ul style=\"text-align: justify\">\n<li><span style=\"font-weight: 400\"> related to\u00a0discrimination (racial or\u00a0otherwise),<\/span><\/li>\n<li><span style=\"font-weight: 400\"> harassment (sexual or\u00a0otherwise),<\/span><\/li>\n<li><span style=\"font-weight: 400\"> threatening,<\/span><\/li>\n<li><span style=\"font-weight: 400\"> obscene,<\/span><\/li>\n<li><span style=\"font-weight: 400\"> pornographic,<\/span><\/li>\n<li><span style=\"font-weight: 400\"> defamatory,<\/span><\/li>\n<li><span style=\"font-weight: 400\"> illegal.<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.6.2. 
The Supplier is obliged to\u00a0immediately destroy\/remove the materials specified in\u00a0pt.\u00a06.6.1 received from anyone and to\u00a0request the Sender to\u00a0cease such practices in\u00a0the future. You should also immediately inform the Head of Consumer Protection. Security of Budimex SA IT Systems about the details of the incident, together with the sender\u2019s e-mail address, subject and actions taken.<\/span><\/p><\/div>\n                            <\/div>\n                        <\/button>\n                    <\/li>\n                                    <li class=\"faq-section__single\">\n                        <button class=\"faq-section__item\" data-faq-item>\n                            <div class=\"faq-section__question\">\n                                <div class=\"faq-section__questionText\">\n                                    <p class=\"typo-h5 f-700 color-dark-100\">7. DESCRIPTION OF THE PROCEDURE \u2013 RULES CONCERNING IT SYSTEMS OF THE SERVICE PROVIDER FOR BUDIMEX<\/p>\n                                <\/div>\n                                <div class=\"faq-section__questionToggle\">\n                                    <span class=\"icon icon-triangle-down d-flex\"><\/span>\n                                <\/div>\n                            <\/div>\n                            <div class=\"faq-section__answer\">\n                                <div class=\"typo-18 color-dark-100\" data-faq-item-answer><p style=\"text-align: justify\"><span style=\"font-weight: 400\">If the Supplier uses its IT system not owned by\u00a0Budimex and not connected to\u00a0Budimex\u2019s infrastructure to\u00a0provide services, the following requirements are the minimum for such a\u00a0system to\u00a0be\u00a0allowed to\u00a0provide services:<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.1. 
All software (Operating System and applications) installed and used in\u00a0accordance with the law and license terms.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.2. Each operating system and application must be\u00a0verified on\u00a0an ongoing basis for security patch updates (frequency of at\u00a0least 1x per month).<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.3. A\u00a0system that has any possibility of interaction with the outside world (computer network, CD-ROM\/DVD-ROM drive, USB, disk drive) must necessarily have up-to-date (with a\u00a0frequency of updates of at\u00a0least 24 hours) and working antivirus software. For Windows-based systems, the list of available providers \u2013<\/span><a href=\"http:\/\/windows.microsoft.com\/en-US\/windows\/antivirus-partners#AVtabs=win7\"> <span style=\"font-weight: 400\">http:\/\/windows.microsoft.com\/en-US\/windows\/antivirus-partners#AVtabs=win7.<\/span><\/a><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.4. The system must have a\u00a0properly updated and regularly synchronized time (in\u00a0the case of systems with network access, the use of a\u00a0time server; in\u00a0the case of off-line systems, documented time synchronization at\u00a0least 1 x\u00a0a\u00a0month).<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.5. The system must have working and periodically verified (restoration tests at\u00a0least once a\u00a0year) software that makes data backups.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.6. The entire environment used to\u00a0provide services to\u00a0Budimex must have appropriate logical and environmental protection \u2013 emergency power supply and protection against unauthorised physical and unauthorised logical access.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.7. 
Operating personnel must be\u00a0trained in\u00a0the use of the system.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.8. Wherever possible, multi-factor authentication (MFA) should be\u00a0used when accessing IT systems.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.9. Particular care should be\u00a0taken when using an external storage device (e.g. USB hard drive\/flash drive) to\u00a0process Budimex SA data: the data on\u00a0the storage medium must be\u00a0protected against loss and access by\u00a0third parties (e.g. encrypted using a\u00a0method generally accepted as\u00a0safe).<\/span><\/p>\n<p>\u00a0<\/p><\/div>\n                            <\/div>\n                        <\/button>\n                    <\/li>\n                                    <li class=\"faq-section__single\">\n                        <button class=\"faq-section__item\" data-faq-item>\n                            <div class=\"faq-section__question\">\n                                <div class=\"faq-section__questionText\">\n                                    <p class=\"typo-h5 f-700 color-dark-100\">8. DOCUMENTED INFORMATION<\/p>\n                                <\/div>\n                                <div class=\"faq-section__questionToggle\">\n                                    <span class=\"icon icon-triangle-down d-flex\"><\/span>\n                                <\/div>\n                            <\/div>\n                            <div class=\"faq-section__answer\">\n                                <div class=\"typo-18 color-dark-100\" data-faq-item-answer><p style=\"text-align: justify\"><span style=\"font-weight: 400\">8.1. 
Report on\u00a0the review of organizational and technical security of the Supplier<\/span><\/p><\/div>\n                            <\/div>\n                        <\/button>\n                    <\/li>\n                                <\/ul>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n<section id=\"block_f31ff4ddc115e449f339600f308c8682\" class=\"booklet section-margin-120\">\n    <div class=\"container\">\n        <div class=\"row\">\n            <div class=\"col-24\">\n                <div class=\"booklet__image d-flex justify-content-end d-lg-none\">\n                    <img decoding=\"async\" src=\"https:\/\/bdm-stg.mda.pl\/app\/uploads\/2024\/06\/Group-2836-6.png\" alt=\"\">\n                <\/div>\n                <div class=\"booklet__box\">\n                    <div class=\"booklet__content\">\n                        <p class=\"booklet__title typo-h5\">File to&nbsp;download<\/p>\n                        <div class=\"booklet__file\">\n                                                            <div class=\"booklet__fileIcon\">\n                                    <img decoding=\"async\" src=\"https:\/\/bdm-stg.mda.pl\/app\/themes\/main\/src\/img\/icon_pdf.png\" alt=\"Download file - icon\">\n                                <\/div>\n                                                                                    <div class=\"booklet__fileDownload \">\n                                <a href=\"https:\/\/bdm-stg.mda.pl\/app\/uploads\/2024\/06\/Polityka_Bezpieczenstwa_Systemow_Informacyjnych_dla_Dostawcow_Budimex_SA_20170207-1.pdf\" class=\"f-700 typo-14 booklet__fileDownloadButton\" target=\"_blank\" download>Download file PDF<\/a>\n                            <\/div>\n                                                                                <\/div>\n                    <\/div>\n                    <div class=\"booklet__image d-none d-lg-block\">\n                        <img decoding=\"async\" 
src=\"https:\/\/bdm-stg.mda.pl\/app\/uploads\/2024\/06\/Group-2836-6.png\" alt=\"\">\n                    <\/div>\n                <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"parent":135693,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"page-templates\/gutenberg-text-hero.php","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Security policy of information systems of Budimex SA suppliers - Budimex<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security policy of information systems of Budimex SA suppliers - Budimex\" \/>\n<meta property=\"og:url\" content=\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/\" \/>\n<meta property=\"og:site_name\" content=\"Budimex\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-07T22:16:14+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" 
class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/\",\"url\":\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/\",\"name\":\"Security policy of information systems of Budimex SA suppliers - Budimex\",\"isPartOf\":{\"@id\":\"https:\/\/bdm-stg.mda.pl\/en\/#website\"},\"datePublished\":\"2024-03-22T12:55:34+00:00\",\"dateModified\":\"2025-07-07T22:16:14+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/bdm-stg.mda.pl\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Contractors\",\"item\":\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Information security and personal data protection\",\"item\":\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Information 
Security\",\"item\":\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Security policy of information systems of Budimex SA suppliers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/bdm-stg.mda.pl\/en\/#website\",\"url\":\"https:\/\/bdm-stg.mda.pl\/en\/\",\"name\":\"Budimex\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/bdm-stg.mda.pl\/en\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security policy of information systems of Budimex SA suppliers - Budimex","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Security policy of information systems of Budimex SA suppliers - Budimex","og_url":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/","og_site_name":"Budimex","article_modified_time":"2025-07-07T22:16:14+00:00","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/","url":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/","name":"Security policy of information systems of Budimex SA suppliers - 
Budimex","isPartOf":{"@id":"https:\/\/bdm-stg.mda.pl\/en\/#website"},"datePublished":"2024-03-22T12:55:34+00:00","dateModified":"2025-07-07T22:16:14+00:00","breadcrumb":{"@id":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/bdm-stg.mda.pl\/en\/"},{"@type":"ListItem","position":2,"name":"Contractors","item":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/"},{"@type":"ListItem","position":3,"name":"Information security and personal data protection","item":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/"},{"@type":"ListItem","position":4,"name":"Information Security","item":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/"},{"@type":"ListItem","position":5,"name":"Security policy of information systems of Budimex SA suppliers"}]},{"@type":"WebSite","@id":"https:\/\/bdm-stg.mda.pl\/en\/#website","url":"https:\/\/bdm-stg.mda.pl\/en\/","name":"Budimex","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/bdm-stg.mda.pl\/en\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/pages\/135383"}],"collection":[{"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/comments?post=135383"}],"version-history":[{"count":3,"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/pages\/135383\/revisions"}],"predecessor-version":[{"id":172121,"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/pages\/135383\/revisions\/172121"}],"up":[{"embeddable":true,"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/pages\/135693"}],"wp:attachment":[{"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/media?parent=135383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}