The Security Policy of the “Latvijas dzelzceļš” Group (the Group) was adopted on October 20, 2021. The Security Policy has the following objectives:
- To ensure implementation of the security procedures of the Group with the aim to protect the railway infrastructure, to promote transparent business partnerships and to implement the operational strategy of the Group;
- To improve the skills and understanding of security issues by employees of the Group, to be able to identify potential risks and threats in time, to develop and effectively implement solutions to reduce risks;
- To improve the Group’s ability to respond to potential security incidents in infrastructure, transactions, information security and personnel in strict compliance with external and internal legal requirements and general legal principles.
The Security Policy is the Group’s security management instrument and is binding on all limited liability companies under direct and indirect decisive influence of SJSC “Latvijas dzelzceļš”, including those that exist at the time of the adoption of the Policy and those that will exist in the future.
Basic principles of the Security Policy:
- Railway infrastructure is part of the national security system, which envisages a responsible attitude towards national security risks and a comprehensible and enforceable common security framework in the Group;
- An appropriate regulatory framework has been developed based on a comprehensive security review and types of possible threats;
- Security measures have been implemented, which are based on efficiency standards and which promote the Group’s operations in accordance with the action plan for the implementation of the business strategy approved by the Group;
- The Group fosters a fair and positive security culture based on mutual trust, open communication and common values;
- Any employee of the Group who identifies a threat responds to it in a timely and effective manner by effective threat management, contributing to corporate responsibility in achieving security objectives and taking into consideration current trends in security incidents and risk assessments;
- The Group has developed and updates plans for the protection of infrastructure and ensuring the continuity of essential services in accordance with the relevant laws and regulations, policy documents and procedures of the Security Directorate are also updated on a regular basis;
- The Group guarantees the right to protection of personal data, ensuring the right to reputation and respect for privacy in the data processing process in accordance with the provisions of the Group’s personal data protection policy;
- The Group pursues an active, structured and goal-oriented approach to fraud risk management pursuant to the basic principles laid out in the Group’s fraud prevention policy, ensuring efficient and financially stable development of the Group;
- The Group participates in and is represented at international security-related organizations;
- The Group actively cooperates with law enforcement authorities, facilitating detection of possible violations.