Management Statement

D e c l a r a t i o n

of BALKAN GAS HUB EAD Management

SUBJECT:
INFORMATION SECURITY POLICY

Based on its own and leased infrastructure, the company Balkan Gas Hub EAD establishes and operates an electronic platform providing conditions for conclusion of bilateral transactions and stock exchange market with physical and non-physical products – natural gas, energy products, energy carriers, energy green and white certificates, carbon emissions and other energy consumption products.

The provision and maintenance of reliable information solutions that meet the high requirements of the company's customers are a major factor for successful business implementation of BALKAN GAS HUB EAD.

The electronic trading platform and its related accompanying services offered by the Company such as provision, operation and maintenance of a specialized electronic trading platform for energy and energy-related products - natural gas, through access to it; provision, maintenance and administration of the user accesses necessary to carry out exchange trade, meet all information security requirements.

Our willingness and strategic goal is to satisfy the needs and expectations of our current and potential customers related to the secure information services ensured and provided by us.

Considering the importance of information security and protection of personal data, BALKAN GAS HUB EAD management is committed to:

  • develop and maintain information security policies and goals for their achievement, in full compatibility with the organization's development vision;
  • to create conditions for full and comprehensive integration of the Information Security Management System into the processes operating in the organization;
  • provide all the necessary resources for establishment, implementation, operation, monitoring, review, maintenance and improvement of the Information Security Management System (ISMS), according to the requirements of the international standard EN ISO/IEC 27001:2017;
  • promote the importance of the efficient management of the Information Security Management System and compliance with its requirements, by developing and implementing mechanisms aimed at supporting and stimulating its employees to contribute to improving its effectiveness;
  • assert its leadership role and position regarding the continuous improvement of the Information Security Management System in the organization.

The Information Security Management System aims at creating conditions for information protection in terms of:

  • AVAILABILITY - The information that is processed and stored in the company BALKAN GAS HUB EAD and the information assets related to it, must be available and accessible for use by the authorized persons, whenever this is necessary.
  • INTEGRITY - The company BALKAN GAS HUB EAD provides protection in terms of integrity and completeness of the information that is processed and stored in the organization, as well as the methods of its processing, with a view to preventing targeted, accidental, partial or complete destruction or unauthorized change of data in electronic and non-electronic form.
  • CONFIDENTIALITY - The information processed and stored by BALKAN GAS HUB EAD must be provided or disclosed only to authorized persons.
  • Personal data protection and integrity of individuals - The company's personal data protection policy is fully compliant with the Personal Data Protection Act and the regulatory documents of the European Union (Regulation EU 2016/679 - General Data Protection Regulation).

The company's personal data protection policy is fully compliant with the Personal Data Protection Act and the regulatory documents of the European Union (Regulation EU 2016/679 - General Data Protection Regulation).

BALKAN GAS HUB EAD management declares its intention and responsibility to maintain the objectives and principles of information security and personal data protection, in accordance with the vision and business goals of the organization.

The identification and assessment of information security risks and the probability of their manifestation shall be carried out by applying a process approach, taking into account any changes in security requirements, the risk environment and the priorities of risk treatment.

In the company BALKAN GAS HUB EAD, risk acceptance criteria have been defined and approved, in accordance with the nature of the organization's activities, technical capabilities, regulatory requirements, and financial, social and human factors. The identified risks shall be treated by applying relevant control mechanisms in accordance with standard EN ISO/IEC 27001:2017, Annex A.

The legal requirements related to the Information Security Management System are determined in accordance with the Personal Data Protection Act, the Cyber ​​Security Act, the Electronic Document and Electronic Signature Act, the Accounting Act, the Classified Information Protection Act, the Copyright and Related Rights Act, the Electronic Commerce Act, the Electronic Communications Act, the Competition Protection Act and the Disaster Protection Act, Regulations and Directives of the European Union, as well as with the international standard EN ISO/IEC 27001:2017.

In order to implement this Information Security Policy and to ensure the functioning of the Information Security Management System in BALKAN GAS HUB EAD, a person responsible for the Information Security Management System has been appointed and an Information Security Council has been set up.

BALKAN GAS HUB EAD employees undertake to comply with all rules related to information security, described in procedures, policies, instructions and other documents of the Information Security Management System.

The Information Security Policy states that disciplinary actions will be taken against violators of its regulations and provisions.

This Information Security Policy will be regularly reviewed to ensure its relevance, adequacy and effectiveness, but not less than once a year, as well as in the event of significant changes in the organizational environment, business circumstances, applicable legislation and the technical environment.

This Information Security Policy is disclosed to all BALKAN GAS HUB EAD employees, as well as to all interested parties.

EXECUTIVE DIRECTOR OF BALKAN GAS HUB EAD
KIRIL DIMCHOV RAVANACHKI
Sofia, 28.10.2022