# List of Procedures

### **PERSONAL DATA**

*(PL: DANE OSOBOWE)*

* DO - 01 Personal Data Protection Policy
* DO - 01 Annex 02 Information Clause Templates - VERCOM Information Clauses
* DO - 01 Annex 04 Record of Processing Activities at VERCOM
* DO - 01 Annex 06 \[Template] 20YYMMDD-X Personal Data Breach Report
* DO - 01 Annex 08 Client Incident Reporting Procedure
* DO - 01 Annex 09 Executive Procedure: Selection of New Supplier and Software
* DO - 01 Annex 10 Data Subject Complaint Handling Procedure
* DO - 01 Annex 11 Procedure for Informing Clients of Changes to Contractual Documents
* DO - 02 IT System Management Instruction
* DO - 02 Annex 01 Disk Wiping Protocol
* DO - 03 Personal Data Risk Assessment Methodology
* DO - 03 Annex 01 Risk Assessment Sheet
* DO - 03 Annex 02 Supplier Assessment Questionnaire
* DO - 03 Annex 03 Internal Supplier Assessment Questionnaire
* DO - 04 Technical and Organizational Measures\_ ISO

### **DORA PROCEDURES**

* DORA-01 ICT Third-Party Risk Management Policy
* DORA-02 ICT Services Exit Strategy Procedure
* DORA-03 Contractual Requirements for ICT Providers

### **INFORMATION SECURITY PROCEDURE (PBI)**

* PBI - 01 Information Security Process Manual
* PBI - 01 Annex 01 Information Security Objectives
* PBI - 01 Annex 02 Asset Inventory
* PBI - 01 Annex 02-01 Vercom Inventory
* PBI - 01 Annex 03 Business Continuity Plan (BCP) Framework
* PBI - 01 Annex 03-02 Detailed BCP Test Report
* PBI - 01 Annex 04 Context of the Organization
* PBI - 01 Annex 05 Security Control Effectiveness Measurement
* PBI - 01 Annex 06 VERCOM Change Management Policy
* PBI - 01 Annex 06.01 Change Management
* PBI - 01 Annex 06.02 System Development Life Cycle (SDLC)
* PBI - 01 Annex 07 VERCOM Data Retention Procedure
* PBI - 01 Annex 08 Business Impact Analysis (BIA) Sheet
* PBI – 01 Annex 09 Test Plan with Test Scenario
* PBI - 01 Annex 10 \[CONFIDENTIAL] Disaster Recovery Plan
* PBI - 02 Information Classification
* PBI - 03 Security Incident Management
* PBI - 03 Annex 01 Incident Register
* PBI - 03 Annex 02 Event Report - TEMPLATE: Declaration of Personal Data Protection Incident at VERCOM
* PBI - 03 Annex 03 Report Phishing
* PBI - 03 Annex 04 Incident Reporting
* PBI - 03 Annex 05 \[CONFIDENTIAL] Post-Intrusion Analysis
* PBI – 03 Annex 06 \[CONFIDENTIAL] Guidelines and Definitions regarding Incident Response Capabilities at Vercom
* PBI – 03 Annex 07 \[CONFIDENTIAL] Incident Response Report
* PBI - 03 Annex 08 Event Report
* PBI - 03 Annex 09 - Executive Procedure - Detection of Anomalous Events on Client Account in the Platform
* PBI - 04 Use of IT Resources by Users
* PBI - 04 Annex 01 Access Management Instruction at VERCOM
* PBI - 04 Annex 02 \[CONFIDENTIAL] Security and Cryptographic Key Management Procedure
* PBI – 04 Annex 03 External Media Request
* PBI – 04 Annex 01-03 Access Rights
* PBI - 04 Annex 01-04 Employee Statement - Access Card Receipt
* PBI - 04 Annex 01-05 Laptop Handover Protocol
* PBI - 04 Annex 01-06 Phone Handover Protocol
* PBI - 04 Annex 01-07 Terms and Conditions for Use of Electronic Devices
* PBI - 04 Annex 01-08 User Statement
* PBI - 04 Annex 01-09 Authorization to Process Personal Data at Vercom S.A.
* PBI - 04 Annex 01-12 Access Rights Review Report Template
* PBI - 05 Use of Resources - Administrators
* PBI - 05 Annex 01 Hardware Change Management Procedure
* PBI - 05 Annex 01-01 - Change Request TEMPLATE
* PBI - 05 Annex 02 \[CONFIDENTIAL] Configuration Management
* PBI - 06 Risk Assessment
* PBI - 06 Annex 01 Risk Assessment Sheet
* PBI - 07 Statement of Applicability \[SoA]
* PBI - 08 VERCOM Vulnerability Management Process
* PBI – 08 Annex 01 Suggested Test Schedule
* PBI – 08 Annex 02 \[CONFIDENTIAL] Annual Audit Template
* PBI – 08 Annex 03 Single Test Report Template
* PBI – 08 Annex 04 \[CONFIDENTIAL] Established List of Publicly Accessible Hosts and IPs
* PBI – 08 Annex 05 \[CONFIDENTIAL] Vulnerability Risk Assessment Sheet (Classified Internal IT Document)
* PBI – 08 Annex 06 \[CONFIDENTIAL] Vulnerability Register
* PBI - 09 \[CONFIDENTIAL] Backup Management Policy / Personal Data Management in Cloud Computing
* PBI - 10 Procedure for the Use of Messengers and Online Collaboration Tools
* PBI - 11 \[CONFIDENTIAL] Secure Development Procedure
* PBI - 12 Artificial Intelligence Tools Usage Policy \[(II) PROTECTED INFORMATION]
* PBI - 13 Identity and Guest Access Management at Vercom S.A.
* PBI - 14 Password Management
* PBI - 15 Communication Procedure at Vercom
* PBI - 16 Business Partner Verification Policy
* PBI - 17 Third-Party Data Sharing Policy

### **CLOUD SECURITY POLICY**

*(PL: POLITYKA BEZPIECZEŃSTWA CHMURY)*

* PCH - 01 Identification and Supervision of Legal and Formal Requirements
* PCH - 01 Annex 01 Register of Legal Acts
* PCH - 02 Cloud Security Policy

### **INTEGRATED MANAGEMENT SYSTEM PROCEDURE**

*(PL: PROCEDURA ZINTEGROWANEGO SYSTEMU ZARZĄDZANIA)*

* PSYS - 01 Internal Audits
* PSYS - 01 Annex 01 Audit Schedule
* PSYS - 01 Annex 02 Audit Report
* PSYS - 02 Control of Documented Information
* PSYS - 02 Annex 01 List of Procedures and Instructions
* PSYS - 03 Corrective Actions and Non-Conformities
* PSYS - 03 Annex 01 Corrective Action Sheet
* ISMS Management Review Report