The MVM Group is a regionally competitive, future- and customer-oriented group of companies, which provides its partners with responsible, sustainable and secure energy supply and energy services parallel to continuous innovations. As a competitive market player on a dynamic growth path, it plans to continue its growth in the Hungarian market by expanding the services provided by its member companies, while abroad through acquisitions and investments. MVM Group's expanding portfolio covers the entire Hungarian energy system and is able to supply all parts of the energy value chain, from generation through distribution and trading to customers. With its complementary services (e.g. IT, telecommunications, financial services, security services), it is ready to provide a one-stop service for increasingly complex consumer needs.
MVM Ltd., in addition to its dominant economic role, places greater emphasis than ever on supporting research, development and innovation, and on expanding renewable energy resources. To achieve its goals and fully meet the needs of its partners, the company must also adapt to the demands of a constantly developing and ever-changing digital society. To achieve this, it is essential to keep pace with infocommunications trends, promote innovative solutions and develop enterprise mobility, bearing in mind the associated information security risks and the measures to address them.
In addition to the requirements of the present times, the MVM Group, due to its significant role in the energy market, is also affected by the changing level of terrorist threats, which does not only entail the tightening of physical defensive measures, but also requires the preparation for and proactive defence against attacks from cyberspace. The possibility of attacks against the energy sector, especially power plants, is a real threat, and according to professional studies, a cyber-attack against Hungary could potentially aim at disrupting the electricity supply. In the past few years, several power plants in Europe and the organisations operating them have experienced the consequences of such attacks, which means that information security, business continuity management and crisis management must be given increased attention within the MVM Group, too.
Taking all this into consideration, MVM Ltd. has a high priority interest in the regular review of information security measures and the continuous improvement of controls, emphasizing that the information assets managed by the Group must be protected against external and internal threats in order to preserve the confidentiality, integrity and availability of data. The safety division of MVM Ltd. promotes the enforcement and effective implementation of these principles through group-wide regulations and planned, regular safety audits.
The top management of MVM Ltd. has set the following key objectives and requirements to achieve the targets set:
• Maintaining up-to-date knowledge of, complying with and enforcing company legislation, regulations, the data protection law and international standards.
• Developing, keeping up-to-date and continuously improving the information security policy and other regulatory documents related to the information security system, setting, meeting and back-testing strategic objectives.
• Monitoring of possible new risks and security solutions arising from technological innovations, continuous development and other sources, monitoring of trends, continuous supervision, evaluation and development of our own systems.
• Ensuring the physical and logical protection of infrastructure and assets with state-of-the-art technical equipment and trained professionals.
• Preparing for possible crisis events, operating and maintaining a business continuity management system.
• Gathering experience from the 2020-21 crisis, reviewing and improving the emergency management system.
• Taking measures to prevent threats and security incidents, developing action plans and procedures to deal with any incidents that may occur, also keeping in mind business continuity requirements.
• Continuous training of staff and encouraging the employees to be security-aware, emphasising the importance of information security, raising awareness of possible risks and protection measures in order to develop security awareness.
• Ensuring the achievement of the set information security objectives, compliance with relevant instructions and procedures through regular audits and continuous management support.
• Due diligence on newly founded or acquired companies, with the aim of achieving an overall level of security.
The managers, employees and co-operating partners of MVM Ltd. are committed to the implementation of the objectives set out in the Information Security Policy, and contribute to the development and maintenance of a culture of information security by setting a personal example and assuming responsibility.
Budapest, 21 May 2022
Dr. Gábor Czepek