Introduction

This Security Policy (hereinafter referred to as the “Policy”) is a document to determine the key principles and requirements aimed at:

  • protection of the activity, interests, material values, and information resources of Selvic Shipping Services Limited and its customers,
  • prevention of intentional and unintentional actions of natural or artificial nature, and unfair competition
  • compliance with the applicable statutory regulations.

Selvic Shipping Services Limited employees, partners, contractors, and other staff are required to comply with this Policy and take personal responsibility in respect to safeguarding Selvic Shipping Services Limited’s resources.

Who are we?

When this Policy mentions we, us, or M9 Logistics, it refers to M9 Logistics Affiliate, its employees and partners, as well as M9 Logistics Limited, a company registered in England and Wales with a number 08269826 (M9 Logistics). These security measures do not guarantee complete protection. The information contained in this Policy is for current or potential customers and suppliers and should not be distributed to others without our permission.

Who can you contact for privacy questions or concerns?

If you have questions or comments about this statement or how we handle personal data, please direct your correspondence to:

Selvic Shipping Services Limited
Data Protection Officer
Mariner House Trondheim Way, Stallingborough, Grimsby, North East Lincolnshire, England, DN41 8FD

You can also email info@selvic.co.uk .

We aim to respond within 30 days from the date we receive privacy-related communications.

Security Organisation

This policy defines:

  • the objectives and tasks of the security system
  • Security system organization, functioning principles, and legal grounds
  • types of security threats and resources to be protected
  • the main development principles of the security system, including legal, organizational and engineering and technical protection.

Selvic utilizes the policy based on applicable legislation, governmental acts, and local law. All new hires are required to undertake a series of training sessions, which address partner and staff responsibilities as they relate to our Code of Conduct, our policies and procedures, information security, and privacy.

The main objectives of the security organization shall be as follows:

  • Provision of the stable functioning of Selvic  and prevention of its security threats
  • Protection of the legal interests of the organization from unlawful encroachments
  • Protection of our personnel’s life and health
  • Non-admission of larceny of financial and material and technical facilities, destruction of property and values
  • Non-admission of disclosure, loss, leakage, distortion, and destruction of proprietary information
  • Non-admission of violation of operation of technical facilities
  • Provision of the operational activity

Security objects of Selvic:

  • Human resources
  • Financial resources
  • Data information resources
  • Information systems and networks
  • Material resources
  • Technical facilities, security, and protection systems of material and information resources.

Human Resources Security

Before employment, each candidate shall voluntarily fill in a questionnaire form and shall be assessed in an interview process. The personal data provided by the candidate shall be checked and securely stored in accordance with our privacy policy. In any questions arise after the questionnaire has been checked, our HR Department may organise an additional interview for the candidate.

Our recruitment process aims to swiftly integrate new employees into our corporate standards and office environment. A unique introduction plan shall be developed for each new employee. During an employee’s probation period, at least 2 meetings will be held with the HR Department to check their training progress and fulfillment of tasks, in addition to identification of issues related to his/her work. The decision on completion of the probation period shall be the mutual decision of a direct supervisor and HR. Before completion of the probation period, the employee must:

  • pass their required training courses
  • accomplish all of their tasks in accordance with the Introduction Plan
  • successfully solve the current tasks related to the functions imposed on him/her
  • absolutely comply with the position held.

Security awareness training is a component of our hiring process. An awareness program reinforces the concepts and responsibilities defined in the Security Policy.

The Selvic Code of Business Conduct and this security policy address the appropriate use of the information, tools, and technologies. Those who violate the Code or our policies and procedures will be subject to the sanctions established by the labor legislation in force, up to and including dismissal, depending on the seriousness of the violation. The measures aimed at assessing the employees, control of the general satisfaction of the employees, commitment to the operation principles, and involvement in the operation processes are exercised at Selvic permanently.

Selvic has established documented termination processes that define responsibilities for the collection of information assets and the removal of access rights for professionals who leave the Company. For the dismissal procedure, the employee shall have a Dismissal Checklist approved by the responsible officers. The Dismissal Checklist shall provide control over the absence of any violations of the dismissal procedure of the employees. An HR manager shall conduct a talk with all dismissed employees for the purposes of finding out the reasons of their dismissal.

Financial Security

All financial operations shall be accurate, correct, and at a sufficient level of detail recorded by accounting, and shall also be documented and available for checking. Employees bear a personal responsibility for the collection, preparation, and provision of the complete financial data according to applicable legislation. Distortion or falsification of the financial data shall be strictly forbidden and shall be deemed as fraud.

Selvic performs an internal and external financial audit and checks the completeness and correctness of data in our accounting records on a regular basis. This is conducted alongside observation of the requirements of applicable legislation and internal regulatory documents, including principles and requirements established by this Policy. Within the framework of internal control procedures at Selvic, checks of implementation of key business processes shall be carried out, including random legality checks of the payments to be affected, their economic feasibility, as well as expediency of expenditures, for the subject of confirmation by initial accounting documents and compliance with the requirements of this Policy.

Selvic evaluates the legal and credit risks of clients and contractors. Each counterparty shall provide us with as much information as we may reasonably require to ensure that the Counterparty complies with applicable law and our own policies. Such information may include the Counterparty’s company registration number, details of its jurisdiction of incorporation, certified copies of letters from any relevant credit rating agency, and any other information that we may reasonably require to carry out independent verification.

Information Security

Information is a valuable and vitally important resource for us. Selvic shall take related measures aimed at data protection against an incidental or intentional change, disclosure, or destruction, as well as for the purposes of observation of confidentiality, integrity, and availability of the information, and provision of the process of automated data processing.

Our primary actions aimed at the protection of information are:

  • preservation of the confidentiality of crucial information resources
  • provision of continuous access to information resources aimed at supporting business activity
  • protection of information integrity for the purpose of maintaining Selvic’s capabilities to render high-quality service and make efficient managerial decisions
  • raising awareness of the users about the risks related to information resources
  • determining the extent of responsibility and obligations of employees regarding information security.

Selvic’s IT organization has established and maintains controls over several operating procedures:

  • Security Software Suite, including a virus protection software package, spyware detection and removal of malicious software, desktop firewalls, secure remote access (VPN) software and URL filtering software
  • System Backup. Data center systems are routinely backed up for disaster recovery purposes
  • Wireless Networks. Only IT-managed wireless networks are permitted on our network
  • Network Security. All data center internet access points feature firewall segregation
  • Authorization and Authentication Controls. Selvic has established documented procedures for secure creation and deletion of user accounts, including processes to disable and/or delete accounts of employees temporarily away from the Company. All our partners and staff are required to agree to take reasonable precautions to protect the integrity and confidentiality of security credentials
  • Privileged Access. Access to authentication servers at administrative, root, or system levels is limited to those professionally designated by us
  • Password Requirements. Our security policy establishes requirements for password changes, reuse, and complexity.

Material Resources Security

Security of material resources and infrastructure is provided as follows:

  • Physical access controls are implemented at all our offices. Controls vary by location, but typically include card-reader access to facilities, on-premises security staff, and defined procedures for visitor access control.
  • Organization of access control arrangements at Selvic facilities and access management control systems.
  • Provision of security with the use of licensed security contracting organizations.
  • Organization of a video surveillance system.
  • Organization of a compliance check of employees with the requirements of the Code of Business Conduct.

Introduction of Changes and Incident Management

If any inefficient provisions of this Policy or the related business processes of Selvic are discovered, or if the requirements of the applicable law are revised, Selvic shall arrange development and implementation of a plan of action to update this Policy and/or business processes.

Selvic does hereby require that its employees comply with this Policy, informing them of the key principles, requirements, and sanctions for infringements. The employees, regardless of the position taken, shall be held personally liable for compliance with principles and requirements of this Policy, as well as the actions (inactivity) of individuals subordinate to them who infringe on these principles and requirements. Since Selvic may be subject to sanctions for participation of its employees, contractors, and other persons in illegal activity, on each reasonably grounded suspicion or based on a discovered fact of infringement on this Policy, internal investigations will be initiated within the frameworks permitted by applicable legislation.

Persons guilty of violation of the requirements of this Policy can be brought to disciplinary, administrative, civil-legal, or criminal responsibility on the initiative of Selvic, law enforcement bodies, or other persons in accordance with the procedure and on the grounds envisaged by local legislation, internal documents of Selvic’s local regulatory acts and labor contracts, as well as, when applicable, and upon available grounds.