Information Security Policy

At GO, we pride ourselves as Malta’s leading communications services company. We provide mobile, fixed line, internet and TV services to more than 500,000 customers. We also provide unrivalled services to the Maltese business community, including Cloud Services, roaming services, data networking solutions, business IP services, and managed services. In providing our services, we recognise our responsibility to manage information that is entrusted to us by our business and consumer customers.

We aim to meet our responsibility by identifying potential risks that may impact the confidentiality, integrity, or availability of information.

We have implemented an information security management system, that provides a combination of policy led, technical and operational security initiatives, that help us manage those risks.

To demonstrate our commitment to our information security principles, we aim to achieve the following objectives:

  • To be recognised as a trusted organisation by our business clients and consumer customers, and partners, by maintaining an internationally accredited ISO 27001 certified information security management system.
  • To maintain proactive information security awareness activities across our enterprise.
  • To maintain compliance with Data Privacy regulations and standards.
  • To ensure services delivered to our business clients and consumer customers, partners and internal business processes are not disrupted unnecessarily.
  • To ensure we can demonstrate our compliance with customer contractual security requirements and exceed expectations whenever possible.
  • To protect our knowledge, know-how and intellectual property and that of our partners and business clients from unauthorised use or exploitation.
  • To ensure our information security principles propagate throughout our supply chain.
  • To enhance our competitive advantage wherever possible through the promotion of our high standards and adopted best practice for information security.
  • To continually improve our information security management system and practices.

These objectives are revalidated at least annually by the CEO.

Security management

Information assets are identified, assessed for risk, and appropriately protected.

Information security risks are captured and managed in accordance with a formal process.

Information security training is available to all employees, including temporary workers and contractors.

Security policies covering IT systems, personnel security, facilities, supply chain assurance, business continuity and the collection, use, sharing, retention, and disposal of information are implemented and adhered with.

All actual or suspected breaches of information security will be reported to and investigated by the Information security team.

Our management system and information security controls are regularly assessed to evaluate effectiveness and ensure compliance.

Management will conduct a review of the ISMS at least annually to determine its effectiveness and drive continual improvement.

Responsibilities

Senior management assumes overall accountability for information security and is responsible for ensuring that the information security management system meets its intended outcomes.

Senior management has appointed an Information security team that is responsible for operational management of the information security management system, including reporting on its effectiveness to the CEO.

An Information security committee has been established that oversees the management, maintenance, performance and improvement of management system policies and controls.

Information asset owners are appointed with responsibility for identifying and classifying their information assets and addressing risks.

Managers at all levels are responsible to ensure compliance with our management system within their areas of responsibility.

All our employees, contractors and relevant partners and suppliers are required to comply with our information security management system. Breaches in compliance are earnestly considered and may lead to disciplinary action or the termination of contracts.

Approved by: Nikhil Patil Date: 24th March 2022
Title: CEO
Version: 2.0

Take a look at our Certifications & Accreditations.