MVM is a future- and customer-oriented Group, also competitive regionally, which provides responsible, sustainable and secure energy supply and energy-related services, accompanied by continuous innovation, to its partners. As a competitive market player on a dynamic growth path, it plans further growth in the Hungarian market through the expansion of its services provided by its member companies, while through acquisitions and investments abroad. The ever-expanding portfolio of MVM covers the entire Hungarian energy system and with its ancillary services (e.g. IT, telecommunications, financial services and security services), it is prepared to fully serve increasingly complex consumer needs through a single operator.
In order to achieve the goals of MVM Ltd. and to fully serve the needs of its partners, the Group also needs to adapt to the expectations of an ever-evolving and constantly changing digital society. To do all this, it is essential to follow IT trends, to support innovative solutions and to develop corporate mobility, bearing in mind the associated information security risks and the measures aimed to address them.
The requirements of the present age include that the MVM Group is also affected by a change in the level of terrorist threat due to its significant role in the energy market, which entails not only more stringent physical protection measures, but also makes it necessary to prepare for and proactively defend against attacks from cyber space. The possibility of attacks against the energy sector, especially power plants, cannot be ruled out; according to professional studies, too, the potential goal of a cyber attack against Hungary may be to cripple its electricity supply. Over the past few years, several power plants and organisations operating in Europe could also experience the consequences of such attacks, as a result of which increased attention must be paid to information security, business continuity management and crisis management also within the MVM Group.
Taking all this into account, MVM Ltd. has a key interest in the continuous development and maintenance of information security measures, emphasising that the information assets managed by the Group must be protected against external and internal threats in order to preserve data confidentiality, integrity and availability.
In order to achieve the defined goals, the Senior Management of MVM Ltd. set the fulfilment of the following most important goals and requirements in order to increase and maintain the security of member companies and its partners:
- key tasks are keeping up to date, complying with and ensuring compliance with national laws, regulations, data protection laws and international standards applicable to the MVM Group optionally elaborating, keeping up to date and continuously developing the Information Security Policy and other regulatory documents related to the information security system as well as setting, achieving and back-testing the strategic goals by member companies;
- monitoring possible new risks arising from technological novelties and continuous development, protection solutions and trends, and according to these, continuously surveilling, evaluating and developing our own systems;
- ensuring the physical and logical protection of the infrastructure and devices with state-of-the-art technical equipment and competent specialists;
- preparing to deal with possible security incidents, operating and maintaining a business continuity management system;
- taking measures to prevent threats and security incidents and developing action plans and procedures to deal with any incidents that may occur, taking also into account business continuity requirements;
- providing continuous training to and encouraging employees for security-conscious behaviour, emphasising the importance of information security, raising awareness of potential risks and security measures, and developing security awareness;
- ensuring the achievement of the set information security goals and compliance with the applicable instructions and procedures through regular inspections and continuous management support.
The implementation of information security is the responsibility of MVM Ltd. It is necessary to ensure the implementation of the above-mentioned tasks on the basis of guidelines and regulations.
The executives, employees and cooperating partners of MVM Ltd. are all committed to the implementation of the goals set out in the Information Security Policy, and they contribute to the development and maintenance of information security culture by setting personal example and taking responsibility.
Budapest, 15 April 2021
Chairman and CEO
Dr Szabolcs Tóth
Group Security Director