{"id":135383,"date":"2024-03-22T12:55:34","date_gmt":"2024-03-22T12:55:34","guid":{"rendered":"https:\/\/bdm-stg.mda.pl\/security-policy-of-information-systems-of-budimex-sa-suppliers\/"},"modified":"2025-07-07T23:16:14","modified_gmt":"2025-07-07T22:16:14","slug":"security-policy-of-information-systems-of-budimex-sa-suppliers","status":"publish","type":"page","link":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/","title":{"rendered":"Security policy of information systems of Budimex SA suppliers"},"content":{"rendered":"\n<section id=\"block_0ce169bbb491b01ef9c3a3b897e1d91b\" class=\"title-section section-margin-72\">\n    <div class=\"container\">\n        <div class=\"row\">\n            <div class=\"col-24\">\n                <div class=\"title-section__title\">\n                    <h2 class=\"typo-h2\">Security policy of information systems of Budimex SA suppliers<\/h2>\n                <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n<section id=\"block_b849487c30ba2b14e48be7a8e36c3277\" class=\"faq-section section-margin-56\" data-faq>\n    <div class=\"container\">\n                <div class=\"row\">\n            <div class=\"col-24 \">\n                <ul class=\"faq-section__list\">\n                                    <li class=\"faq-section__single\">\n                        <button class=\"faq-section__item\" data-faq-item>\n                            <div class=\"faq-section__question\">\n                                <div class=\"faq-section__questionText\">\n                                    <p class=\"typo-h5 f-700 color-dark-100\">1. PURPOSE<\/p>\n                                <\/div>\n                                <div class=\"faq-section__questionToggle\">\n                                    <span class=\"icon icon-triangle-down d-flex\"><\/span>\n                                <\/div>\n                            <\/div>\n                            <div class=\"faq-section__answer\">\n                                <div class=\"typo-18 color-dark-100\" data-faq-item-answer><p style=\"text-align: justify\"><span style=\"font-weight: 400\">The purpose of the document is to define the obligations and responsibilities of the Budimex Supplier (and its employees) in the protection of Budimex information assets, to which the Supplier will have access and which it will process in the course of providing its services.<\/span><\/p>\n<\/div>\n                            <\/div>\n                        <\/button>\n                    <\/li>\n                                    <li class=\"faq-section__single\">\n                        <button class=\"faq-section__item\" data-faq-item>\n                            <div class=\"faq-section__question\">\n                                <div class=\"faq-section__questionText\">\n                                    <p class=\"typo-h5 f-700 color-dark-100\">2. SCOPE<\/p>\n                                <\/div>\n                                <div class=\"faq-section__questionToggle\">\n                                    <span class=\"icon icon-triangle-down d-flex\"><\/span>\n                                <\/div>\n                            <\/div>\n                            <div class=\"faq-section__answer\">\n                                <div class=\"typo-18 color-dark-100\" data-faq-item-answer><p style=\"text-align: justify\"><span style=\"font-weight: 400\">This document constitutes the Information Systems Security Policy for Budimex SA Suppliers, hereinafter referred to as the \u201cPolicy\u201d.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The provisions contained below regulate two basic areas of information security:<\/span><\/p>\n<ul>\n<li style=\"text-align: justify\"><span style=\"font-weight: 400\">provision of services by the Supplier using IT systems entrusted by Budimex and\/or IT systems connected to Budimex\u2019s infrastructure,<\/span><\/li>\n<li style=\"text-align: justify\"><span style=\"font-weight: 400\">provision of services by the Supplier using its own IT systems, but processing information owned or for which Budimex is responsible (e.g. personal data of Budimex employees).<\/span><\/li>\n<\/ul>\n<\/div>\n                            <\/div>\n                        <\/button>\n                    <\/li>\n                                    <li class=\"faq-section__single\">\n                        <button class=\"faq-section__item\" data-faq-item>\n                            <div class=\"faq-section__question\">\n                                <div class=\"faq-section__questionText\">\n                                    <p class=\"typo-h5 f-700 color-dark-100\">3. LIABILITY<\/p>\n                                <\/div>\n                                <div class=\"faq-section__questionToggle\">\n                                    <span class=\"icon icon-triangle-down d-flex\"><\/span>\n                                <\/div>\n                            <\/div>\n                            <div class=\"faq-section__answer\">\n                                <div class=\"typo-18 color-dark-100\" data-faq-item-answer><p style=\"text-align: justify\"><span style=\"font-weight: 400\">Budimex SA makes every effort to ensure the effective and safe functioning of the company in order to best meet the needs of the Company\u2019s customers, shareholders and employees. A manifestation of special diligence on the part of the management of Budimex SA is the minimisation of operational risk m.in. by ensuring an appropriate level of security of the processed information assets. To this end, the management of Budimex SA decided to implement the rules on information security.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">This document is an expression of Budimex\u2019s intention to ensure the security of information assets, resulting from the adopted Information Security Policy, of assets made available and processed by Budimex\u2019s Suppliers.<\/span><\/p>\n<\/div>\n                            <\/div>\n                        <\/button>\n                    <\/li>\n                                    <li class=\"faq-section__single\">\n                        <button class=\"faq-section__item\" data-faq-item>\n                            <div class=\"faq-section__question\">\n                                <div class=\"faq-section__questionText\">\n                                    <p class=\"typo-h5 f-700 color-dark-100\">4. DEFINITIONS<\/p>\n                                <\/div>\n                                <div class=\"faq-section__questionToggle\">\n                                    <span class=\"icon icon-triangle-down d-flex\"><\/span>\n                                <\/div>\n                            <\/div>\n                            <div class=\"faq-section__answer\">\n                                <div class=\"typo-18 color-dark-100\" data-faq-item-answer><p style=\"text-align: justify\"><span style=\"font-weight: 400\">Information assets \u2013 information and systems, infrastructure, devices and software used to process information.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Information security \u2013 ensuring the confidentiality, integrity and availability of IT assets.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Personal data \u2013 any information relating to an identified or identifiable natural person, directly or indirectly.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Security incident \u2013 an undesirable event or series of events that creates a significant probability of disrupting business operations and may have a negative impact on the security of information assets.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Information \u2013 any information, regardless of its form, i.e. in electronic form, recorded in paper form, transmitted orally.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Classified information \u2013 a term defined in the Act of 5 August 2010 on the protection of classified information. It means information that requires protection against unauthorized disclosure as constituting a state or official secret, regardless of the form and manner of its expression.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Information processing \u2013 any action performed on information, such as creating, collecting, recording, storing, reading, changing, sharing, deleting, etc.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">User \u2013 anyone who has access to Budimex\u2019s information assets \u2013 users are employees, temporary employees, consultants, trainees, customers, etc.<\/span><\/p>\n<\/div>\n                            <\/div>\n                        <\/button>\n                    <\/li>\n                                    <li class=\"faq-section__single\">\n                        <button class=\"faq-section__item\" data-faq-item>\n                            <div class=\"faq-section__question\">\n                                <div class=\"faq-section__questionText\">\n                                    <p class=\"typo-h5 f-700 color-dark-100\">5. DESCRIPTION OF THE PROCEDURE \u2013 GENERAL PRINCIPLES<\/p>\n                                <\/div>\n                                <div class=\"faq-section__questionToggle\">\n                                    <span class=\"icon icon-triangle-down d-flex\"><\/span>\n                                <\/div>\n                            <\/div>\n                            <div class=\"faq-section__answer\">\n                                <div class=\"typo-18 color-dark-100\" data-faq-item-answer><p style=\"text-align: justify\"><b>5.1. Compliance with the Policy<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.1.1. The Policy is part of the rules and procedures governing the relationship between the Parties. The policy is subject to periodic review. Compliance with the Policy is a condition for the provision of services to Budimex in accordance with the contract.<\/span><\/p>\n<p style=\"text-align: justify\"><b>5.2. Legal Compliance<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.2.1. The parties must comply with the laws and regulations relating to Information Technology.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.2.2. It is forbidden to use the resources of the IT Systems resulting in the infringement of intellectual property rights.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.2.3. Installing software or saving any other materials in the IT System entrusted by Budimex that have not been obtained in a way that authorises Budimex to use them is contrary to the Policy.<\/span><\/p>\n<p style=\"text-align: justify\"><b>5.3. Proprietary Rights and Protection of Information Stored in Electronic Form.<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.1. Data and information stored, processed and\/or transferred through the IT Systems belonging to Budimex are under constant control. The control includes methods such as: interception, monitoring, entry in the event log and inspection. The purpose of the constant control is to protect the interests of Budimex and the Supplier.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.2. The data and information are the property of Budimex or the Supplier and must be treated like any other company property.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.3. Data and information concerning Budimex, stored on any media or in IT Systems, may not be deleted without authorisation and should be deleted\/destroyed only with the consent and in a manner agreed with the data owner.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.4. The data and information entrusted to the Supplier or generated by the Supplier in the course of providing services to Budimex and those under the Supplier\u2019s control must be adequately protected by the Supplier against destruction, damage and unauthorised access using available means.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.5. The provider must at all times have appropriate protection mechanisms in place according to the systems under its control and the data\/information contained therein. The supplier is fully responsible for creating regular backup copies of Budimex data placed on mobile computer equipment. Data and information should be stored on portable computers only in the minimum amount and only for the time necessary to perform the scope of services provided. Whenever possible, data should be stored on network drives.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.6. Portable computer equipment containing significant and\/or confidential data and information concerning Budimex must at all times be equipped with technologies approved by the Parties to block unauthorised access.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.7. Without Budimex\u2019s written consent, data belonging to Budimex may not be processed or stored on equipment that does not belong to Budimex (e.g. on home computers).<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.8. The period and method of storing electronic data in the IT System must be consistent with the assumptions adopted for a given system (document retention).<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.9. Equipment that has not been approved by Budimex cannot be connected to the Budimex IT System. Connecting business or private mobile phones to Budimex IT Systems is prohibited.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">5.3.10. You cannot transmit secret or confidential information over the Internet. Important information (non-secret and non-confidential) received or sent over the Internet must be encrypted in accordance with the recommendations of the applicable Security Policy.<\/span><\/p>\n<\/div>\n                            <\/div>\n                        <\/button>\n                    <\/li>\n                                    <li class=\"faq-section__single\">\n                        <button class=\"faq-section__item\" data-faq-item>\n                            <div class=\"faq-section__question\">\n                                <div class=\"faq-section__questionText\">\n                                    <p class=\"typo-h5 f-700 color-dark-100\">6. DESCRIPTION OF THE PROCEDURE \u2013 RULES CONCERNING THE SYSTEMS MADE AVAILABLE TO THE SUPPLIER BY BUDIMEX<\/p>\n                                <\/div>\n                                <div class=\"faq-section__questionToggle\">\n                                    <span class=\"icon icon-triangle-down d-flex\"><\/span>\n                                <\/div>\n                            <\/div>\n                            <div class=\"faq-section__answer\">\n                                <div class=\"typo-18 color-dark-100\" data-faq-item-answer><p style=\"text-align: justify\"><b>6.1. The use of information technology for business purposes.<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.1.1. The Supplier\u2019s employees, who are users of IT systems provided by Budimex, may occasionally use the said resources for private purposes. This type of use must not interfere with the performance of official duties and be contrary to Budimex\u2019s interest.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.1.2. The Supplier may not use the resources of the IT Systems provided by Budimex for gainful employment for an entity other than Budimex.<\/span><\/p>\n<p style=\"text-align: justify\"><b>6.2. Control access to information from electronic sources.<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.1. Control of access to information stored in Budimex IT Systems is mandatory. For each System, Users are granted access authorization to the extent necessary to perform their work.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.2. Access is controlled by means of individual identifiers and passwords, which clearly identify the User in the IT System and protect against unauthorized access.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.3. Passwords are created according to specific rules regarding their length, structure and frequency of changes.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.4. Passwords must be kept secret and must not be disclosed to others. If the User performing the Provider\u2019s obligation provides the password to another person, the Provider remains fully responsible for the inviolability and confidentiality of the information entrusted to him. Password protection is in the interest of both Budimex and the Supplier.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.5. The User whose ID and password have been used to gain unauthorized access to the IT System shall be considered as the person who has used the resources of this System in an unauthorized manner.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.6. If you leave your workstation for a while, lock the computer console (e.g. in Windows use the CTRL-ALT-DEL + ENTER keys) to prevent unauthorized use of the computer.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.7. In the case of adding new Users to the IT System, Budimex\u2019s consent is required.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.8. Budimex will change the User\u2019s password only on the basis of the request of an authorised person, without disclosing the previous password.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.2.9. It is forbidden to use IT Systems owned by Budimex or third parties without the consent of the person who is authorised to issue such permits.<\/span><\/p>\n<p style=\"text-align: justify\"><b>6.3. Protection of the shared resources of the Information Systems.<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.3.1. The Supplier may not modify devices belonging to Budimex, e.g. by installing computer components, software or in any other way without the written authorisation of the Budimex employee responsible for it.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.3.2. The supplier should constantly take care of the Budimex equipment entrusted to him, and in particular take care of protection against theft, prevent damage during transport or handling, properly store at the right temperature and not expose it to magnetic fields or bad weather conditions.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.3.3. Particular care should be taken when handling materials on exchangeable media (e.g. CD-ROM, etc.) which have been created or used outside the Budimex IT System. Media from a dubious or unknown source cannot be used on equipment owned by Budimex. All such materials should be scanned with an antivirus program and\/or tested by the Budimex IT Office before use.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.3.4. All software installations on Budimex computers are carried out by Budimex. Only with the written consent of Budimex can the installation of legal software for business use by persons who are not Budimex employees be carried out.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.3.5. Installation and\/or use of private software\/files on IT equipment entrusted by Budimex is prohibited.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.3.6. The computer equipment entrusted by Budimex must always be present and active with the latest version of antivirus software provided by Budimex. The instructions provided by Budimex regarding virus prevention and possible elimination of viruses that have penetrated the Budimex IT System must be followed. If an incorrect operation of the antivirus program is noticed, the User must immediately report this fact to the Budimex IT Office.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.3.7. Any identified cases of threat, breach and weakening of the security of IT Systems or the operation of software unauthorised by Budimex (security incidents) must be immediately reported to the Budimex IT Office.<\/span><\/p>\n<p style=\"text-align: justify\"><b>6.4. Sending messages electronically.<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.4.1. Budimex\u2019s corporate electronic mail, which may be made available to users for whom the Supplier is responsible, is an official means of communication in Budimex and is treated as business mail.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.4.2. The User, for whom the Supplier is responsible, may not present private opinions and judgments as Budimex\u2019s position when sending messages by electronic means.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.4.3. Only electronic message exchange systems approved by Budimex can be used on computers entrusted by Budimex.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.4.4. On computers entrusted by Budimex, external services provided via the Internet (e.g. Hotmail, Yahoo, WP, ONET, chat and instant messengers, etc.) cannot be used to send or receive messages.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.4.5. In order to prevent the operation of malicious software (e.g. viruses) that may get into the Budimex IT System, it is necessary to immediately delete any unexpected mail with attachments from an unknown sender. Attachments in such a message cannot be opened.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.4.6. The distribution of e-mails in the Budimex corporate e-mail system must be limited only to persons who should know their content or to persons directly related to the content of the message. Distribution lists should not be used except when all recipients meet the above criteria.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.4.7. In the Budimex corporate e-mail system, it is necessary to avoid sending messages with large attachments to a large group of people via distribution lists. You should use the compression software provided by Budimex to limit the size of large attachments and\/or send several messages.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.4.8. The size of the entrusted Budimex corporate mailbox is limited by the limit. The User, for whom the Provider is responsible, is obliged to regularly delete outdated messages.<\/span><\/p>\n<p style=\"text-align: justify\"><b>6.5. Internet.<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.5.1. In order to provide the services covered by the agreement, it may be necessary for Budimex to provide the Supplier with access to the Internet. Such access will be subject to the restrictions of the Budimex SA Information Security Policy Access to the Internet from the devices and\/or infrastructure made available by Budimex is permitted only through solutions provided and approved by Budimex.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.5.2. Under no circumstances may the User, for whom the Supplier is responsible, connect the equipment entrusted to him to the Internet or other networks via cables, dial-up modems or wirelessly without the safeguards required by the applicable Information Security Policy of Budimex SA Each connection to a computer network not belonging to the Budimex Group of computer equipment entrusted by Budimex must be individually approved by Budimex.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.5.3. Budimex reserves the right to monitor all types of Internet connections involving devices connected to Budimex IT Systems and to block access to services and websites that are deemed to be inconsistent with the Information Security Policy of Budimex SA<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.5.4. The User for whom the Provider is responsible may not:<\/span><\/p>\n<ul style=\"text-align: justify\">\n<li><span style=\"font-weight: 400\">  Attempt to bypass security, access control, or content filtering mechanisms on the Internet exit gateway<\/span><\/li>\n<li><span style=\"font-weight: 400\"> deliberately disrupt the functioning of the network, e.g. by sending computer viruses, using hacking practices and sending large amounts of data blocking the network and hindering the work of other users,<\/span><\/li>\n<li><span style=\"font-weight: 400\"> disclose or publish secret or proprietary company information over the Internet, such as: financial information, new ideas or ideas related to the company, marketing strategies and plans, databases and information contained therein, customer lists, software source codes, computer\/network access codes and business affiliations, etc.;<\/span><\/li>\n<li><span style=\"font-weight: 400\"> use the Internet, e-mail or other tools in order to create legal or contractual obligations without the required authorisation of the Management Board of Budimex,<\/span><\/li>\n<li><span style=\"font-weight: 400\"> use resources in another improper manner specified by Budimex.<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify\"><b>6.6. Inappropriate material.<\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.6.1. The Supplier may not use the computer equipment, devices and rooms provided by Budimex to view, process, create and\/or distribute materials among employees or anyone outside Budimex that contain content:<\/span><\/p>\n<ul style=\"text-align: justify\">\n<li><span style=\"font-weight: 400\"> related to discrimination (racial or otherwise),<\/span><\/li>\n<li><span style=\"font-weight: 400\"> harassment (sexual or otherwise),<\/span><\/li>\n<li><span style=\"font-weight: 400\"> threatening,<\/span><\/li>\n<li><span style=\"font-weight: 400\"> Obscene<\/span><\/li>\n<li><span style=\"font-weight: 400\"> Pornographic<\/span><\/li>\n<li><span style=\"font-weight: 400\"> Defamatory<\/span><\/li>\n<li><span style=\"font-weight: 400\"> Illegal<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">6.6.2. The Supplier is obliged to immediately destroy\/remove the materials specified in pt. 6.6.1 received from anyone and to request the Sender to cease such practices in the future. You should also immediately inform the Head of Consumer Protection. Security of Budimex SA IT Systems about the details of the incident, together with the sender\u2019s e-mail address, subject and actions taken.<\/span><\/p>\n<\/div>\n                            <\/div>\n                        <\/button>\n                    <\/li>\n                                    <li class=\"faq-section__single\">\n                        <button class=\"faq-section__item\" data-faq-item>\n                            <div class=\"faq-section__question\">\n                                <div class=\"faq-section__questionText\">\n                                    <p class=\"typo-h5 f-700 color-dark-100\">7. DESCRIPTION OF THE PROCEDURE \u2013 RULES CONCERNING IT SYSTEMS OF THE SERVICE PROVIDER FOR BUDIMEX<\/p>\n                                <\/div>\n                                <div class=\"faq-section__questionToggle\">\n                                    <span class=\"icon icon-triangle-down d-flex\"><\/span>\n                                <\/div>\n                            <\/div>\n                            <div class=\"faq-section__answer\">\n                                <div class=\"typo-18 color-dark-100\" data-faq-item-answer><p style=\"text-align: justify\"><span style=\"font-weight: 400\">If the Supplier uses its IT system not owned by Budimex and not connected to Budimex\u2019s infrastructure to provide services, the following requirements are the minimum for such a system to be allowed to provide services:<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.1. All software (Operating System and applications) installed and used in accordance with the law and license terms.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.2. Each operating system and application must be verified on an ongoing basis for security patch updates (frequency of at least 1x per month).<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.3. A system that has any possibility of interaction with the outside world (computer network, CD-ROM\/DVD-ROM drive, USB, disk drive) must necessarily have up-to-date (with a frequency of updates of at least 24 hours) and working antivirus software. For Windows-based systems, the list of available providers \u2013<\/span><a href=\"http:\/\/windows.microsoft.com\/en-US\/windows\/antivirus-partners#AVtabs=win7\"> <span style=\"font-weight: 400\">http:\/\/windows.microsoft.com\/en-US\/windows\/antivirus-partners#AVtabs=win7.<\/span><\/a><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.4. The system must have a properly updated and regularly synchronized time (in the case of systems with network access, the use of a time server; in the case of off-line systems, documented time synchronization at least 1 x a month).<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.5. The system must have working and periodically verified (restoration tests at least once a year) software that makes data backups.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.6. The entire environment used to provide services to Budimex must have appropriate logical and environmental protection \u2013 emergency power supply and protection against unauthorised physical and unauthorised logical access.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.7. Operating personnel trained in the use of the system.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.8. Wherever possible, multi-factor authentication (MFA) should be used when accessing IT systems.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">7.9. Particular care should be taken when using an external storage device (e.g. USB hard drive\/flash drive) for data processing of Budimex SA, the data on the storage medium must be protected against loss and access by third parties (e.g. encrypted using a method generally accepted as safe).<\/span><\/p>\n<p>\u00a0<\/p>\n<\/div>\n                            <\/div>\n                        <\/button>\n                    <\/li>\n                                    <li class=\"faq-section__single\">\n                        <button class=\"faq-section__item\" data-faq-item>\n                            <div class=\"faq-section__question\">\n                                <div class=\"faq-section__questionText\">\n                                    <p class=\"typo-h5 f-700 color-dark-100\">8. DOCUMENTED INFORMATION<\/p>\n                                <\/div>\n                                <div class=\"faq-section__questionToggle\">\n                                    <span class=\"icon icon-triangle-down d-flex\"><\/span>\n                                <\/div>\n                            <\/div>\n                            <div class=\"faq-section__answer\">\n                                <div class=\"typo-18 color-dark-100\" data-faq-item-answer><p style=\"text-align: justify\"><span style=\"font-weight: 400\">8.1. Report on the review of organizational and technical security of the Supplier<\/span><\/p>\n<\/div>\n                            <\/div>\n                        <\/button>\n                    <\/li>\n                                <\/ul>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n<section id=\"block_f31ff4ddc115e449f339600f308c8682\" class=\"booklet section-margin-120\">\n    <div class=\"container\">\n        <div class=\"row\">\n            <div class=\"col-24\">\n                <div class=\"booklet__image d-flex justify-content-end d-lg-none\">\n                    <img decoding=\"async\" src=\"https:\/\/bdm-stg.mda.pl\/app\/uploads\/2024\/06\/Group-2836-6.png\" alt=\"\">\n                <\/div>\n                <div class=\"booklet__box\">\n                    <div class=\"booklet__content\">\n                        <p class=\"booklet__title typo-h5\">File to download<\/p>\n                        <div class=\"booklet__file\">\n                                                            <div class=\"booklet__fileIcon\">\n                                    <img decoding=\"async\" src=\"https:\/\/bdm-stg.mda.pl\/app\/themes\/main\/src\/img\/icon_pdf.png\" alt=\"Download file - icon\">\n                                <\/div>\n                                                                                    <div class=\"booklet__fileDownload \">\n                                <a href=\"https:\/\/bdm-stg.mda.pl\/app\/uploads\/2024\/06\/Polityka_Bezpieczenstwa_Systemow_Informacyjnych_dla_Dostawcow_Budimex_SA_20170207-1.pdf\" class=\"f-700 typo-14 booklet__fileDownloadButton\" target=\"_blank\" download>Download file PDF<\/a>\n                            <\/div>\n                                                                                <\/div>\n                    <\/div>\n                    <div class=\"booklet__image d-none d-lg-block\">\n                        <img decoding=\"async\" src=\"https:\/\/bdm-stg.mda.pl\/app\/uploads\/2024\/06\/Group-2836-6.png\" alt=\"\">\n                    <\/div>\n                <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"parent":135693,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"page-templates\/gutenberg-text-hero.php","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Security policy of information systems of Budimex SA suppliers - Budimex<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security policy of information systems of Budimex SA suppliers - Budimex\" \/>\n<meta property=\"og:url\" content=\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/\" \/>\n<meta property=\"og:site_name\" content=\"Budimex\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-07T22:16:14+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/\",\"url\":\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/\",\"name\":\"Security policy of information systems of Budimex SA suppliers - Budimex\",\"isPartOf\":{\"@id\":\"https:\/\/bdm-stg.mda.pl\/en\/#website\"},\"datePublished\":\"2024-03-22T12:55:34+00:00\",\"dateModified\":\"2025-07-07T22:16:14+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/bdm-stg.mda.pl\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Contractors\",\"item\":\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Information security and personal data protection\",\"item\":\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Information Security\",\"item\":\"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Security policy of information systems of Budimex SA suppliers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/bdm-stg.mda.pl\/en\/#website\",\"url\":\"https:\/\/bdm-stg.mda.pl\/en\/\",\"name\":\"Budimex\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/bdm-stg.mda.pl\/en\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security policy of information systems of Budimex SA suppliers - Budimex","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Security policy of information systems of Budimex SA suppliers - Budimex","og_url":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/","og_site_name":"Budimex","article_modified_time":"2025-07-07T22:16:14+00:00","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/","url":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/","name":"Security policy of information systems of Budimex SA suppliers - Budimex","isPartOf":{"@id":"https:\/\/bdm-stg.mda.pl\/en\/#website"},"datePublished":"2024-03-22T12:55:34+00:00","dateModified":"2025-07-07T22:16:14+00:00","breadcrumb":{"@id":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/security-policy-of-information-systems-of-budimex-sa-suppliers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/bdm-stg.mda.pl\/en\/"},{"@type":"ListItem","position":2,"name":"Contractors","item":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/"},{"@type":"ListItem","position":3,"name":"Information security and personal data protection","item":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/"},{"@type":"ListItem","position":4,"name":"Information Security","item":"https:\/\/bdm-stg.mda.pl\/en\/contractors\/information-security-and-personal-data-protection\/information-security\/"},{"@type":"ListItem","position":5,"name":"Security policy of information systems of Budimex SA suppliers"}]},{"@type":"WebSite","@id":"https:\/\/bdm-stg.mda.pl\/en\/#website","url":"https:\/\/bdm-stg.mda.pl\/en\/","name":"Budimex","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/bdm-stg.mda.pl\/en\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/pages\/135383"}],"collection":[{"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/comments?post=135383"}],"version-history":[{"count":3,"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/pages\/135383\/revisions"}],"predecessor-version":[{"id":172121,"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/pages\/135383\/revisions\/172121"}],"up":[{"embeddable":true,"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/pages\/135693"}],"wp:attachment":[{"href":"https:\/\/bdm-stg.mda.pl\/en\/wp-json\/wp\/v2\/media?parent=135383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}