Information Security Management System Policy
Information Security Management Policy of Česká Pošta, s. p.
Declaration
The Company’s objective is to ensure the adoption of appropriate organizational and technical measures to guarantee the required level of quality and cybersecurity. This objective is achieved through the operation, monitoring, maintenance, and continuous improvement of the documented ISMS in the context of the risks and requirements placed on the Company.
The Company’s ISMS principles and policies in the areas covered by Act No. 264/2025 Coll., on Cybersecurity, and its implementing regulations:
- Centralized management of the ISMS is ensured, encompassing quality management, IT service management, and information security management.
- Compliance with and fulfillment of normative, legislative and internal regulations in all areas of the ISMS.
- Consistent use and continuous improvement of standardized procedures, proven technologies and other measures to ensure the full functionality and reliability of the Company's ISMS.
- Planning and implementation of organizational and technical measures are always focused primarily on maintaining and improving the quality of services, ensuring confidentiality, availability and integrity of information, and minimizing threats, vulnerabilities and risks with regard to efficiency, economy and compliance with the established level of risk acceptance.
- The Company's management undertakes to create conditions for and ensure the development and continuous improvement of the performance of the ISMS, as well as the continuous monitoring and evaluation of whether the measures implemented are effective and sufficient.
- The duties, responsibilities and powers of persons participating in the effective functioning of the ISMS are defined.
- Awareness raising in the area of the ISMS is carried out for all employees of the Company at the beginning of and during the employment relationship with regard to their role in the ISMS, thus ensuring a constantly increasing level of awareness of the procedures, rules and measures in this area.
- Supplier relationship management, including identification and assessment of risks, determination of clear and precise rights and obligations and demonstrable information, is carried out at the beginning and during the contractual relationship.
- The status and functioning of the Company's ISMS are regularly audited and reviewed.
- Violation of the rules, procedures and security measures of the ISMS is considered a gross violation of internal regulations and contractual relations.