Information Security Policy Statement

Information Security Policy Statement

At Athens International Airport (AIA), maintaining the confidentiality, integrity, and availability of data, as well as the security of systems and networks is a strategic priority. Information security underpins the airport’s resilience, regulatory compliance, customer trust, and business reputation.

The Information Security Management System (ISMS) sets expectations for all individuals within the organization, and the collaborating entities, ensuring a consistent and secure approach to information management. In turn, the Information Security Department is the guardian of the corporate Cyber Security Strategy, implementing, maintaining and monitoring organization wide information security policies, standards, guidelines and procedures along with awareness and training programmes. It is also responsible for identifying, assessing, and addressing information security risks across the organization and ensuring the implementation of appropriate controls.

The establishment and continuous improvement of the ISMS, aligns to international and national standards and frameworks, including ISO/IEC 27001:2022, ISO/IEC 27002, the EU NIS2 Directive, and the General Data Protection Regulation (GDPR).

Information of either digital, physical, or verbal nature must be appropriately protected from risks. In this regard, AIA fosters a culture of ethical, secure, and responsible handling of information to early identify and mitigate threats from either internal or external sources.

AIA’s Information Security Policy is based on the following key security objectives, for the ISMS lifecycle from planning and implementation, to monitoring, evaluation, and continuous improvement:

• Safeguard data confidentiality, integrity and availability;

• Ensure the continuous availability of critical systems and services;

• Detect, report, resolve and recover from security incidents on a timely and effective manner;

• Ensure compliance with all relevant legal, regulatory, and contractual information security obligations;

• Support business initiatives and mitigate security risks;

• Strengthen stakeholder confidence in AIA’s security posture;

• Promote a proactive and risk-based approach to information security management;

• Optimize resource utilization for information security controls;

• Ensure employees and partners are aware of and competent in their security-related responsibilities;

• Continuously improve the Information Security Management System (ISMS) to adapt to emerging threats and changes in the business environment.

Responsibilities and Expectations

AIA Management is committed to providing required resources, leadership, and governance necessary to successfully implement this policy. All employees, contractors, and third parties are required to comply with AIA’s information security policies, standards, and procedures, and to actively contribute to the protection of the organization’s information assets.

This policy is publicly available and communicated to all stakeholders to demonstrate AIA’s ongoing commitment to protecting information and maintaining a robust security posture.