Information Security Policy

EFFECTIVE DATE: 22.09.2023.

We wrote this Information Security Policy to help you understand how Mireo d.d. protects information assets. If you have any questions or comments about this Information Security Policy, please do not hesitate to contact us.

For any questions regarding our Information Security Policy you can contact us:

  • by email (
  • by visiting a page on our website (
  • by phone number (+385 1 6636 966)
  • by post (Buzinski prilaz 32, 10010 Zagreb, Croatia)


The nature of business of Mireo d.d. requires the exchange of information both internally and with external customers, partners and other business stakeholders. To maintain the continuity of our business, it is important to take measures aimed at protecting information assets from all internal and external, intentional or accidental, threats to the confidentiality, integrity and availability of information.

Bearing this in mind, the management of Mireo d.d. formulates the principles of Information Security Policy:

  • Maintain the integrity of information to ensure its continued accuracy and applicability
  • Ensure the confidentiality of information and protect it from unauthorized access and abuse
  • Build relationships and maintain communication with business stakeholders while understanding one's own context and the needs and expectations of stakeholders
  • Make information and information systems available to stakeholders in accordance with business needs
  • Carry out the identification, analysis and assessment of information security risks regularly in the planned periods
  • Base decisions and actions on the results of regular information security risk assessment
  • Through education and training, ensure the awareness and ability of employees for information security
  • Ensure the satisfaction of legal, regulatory and contractual requirements, as well as other information security requirements that we have undertaken to comply with, with the applied information security measures
  • Ensure adequate control and constant improvement through measurable goals and monitoring of system performance and applied information security measures
  • Promptly report threats to information security to the competent persons for information security management
  • Investigate and analyze security incidents and initiate appropriate actions to eliminate the causes of threats and reduce risks
  • Develop, maintain and test security incident recovery and business continuity plans

In order to fulfill these obligations and ensure the appropriate level of control necessary to demonstrate compliance with the adopted processes, our policy is to maintain a functional and effective Information Security Management System (ISMS) that is established, maintained and improved in accordance with the requirements of the international standard ISO 27001.

The management is responsible for communicating the Information Security Policy to all persons working in the company or for Mireo d.d. and making it available to the public.


We reserve the right to amend this Information Security Policy without prior notice to reflect technological advancements, legal and regulatory changes and good business practices. If we change our information security practices, a new Information Security Policy will reflect those changes and the effective date of the revised Information Security Policy will be set forth at the top of this Information Security Policy.


If you have any questions or comments about this Information Security Policy, please do not hesitate to contact us by:

  • E-mailing us at; or
  • Writing to us at Mireo d.d., Buzinski prilaz 32, 10010 Zagreb, Croatia