Content of the WWW pages of the Prague Stock Exchange
The entire content of the pages of the Prague Stock Exchange, a. s. (hereinafter referred to as the "Exchange"), serves only for information purposes. The content of the Exchange pages was obtained from sources the Exchange qualifies as reliable. The Exchange is not responsible for correctness, completeness and topicality of the content, with the exception of the information published in accordance with the Decree No. 355/2004, Coll.
The Decree No. 355/2004, Coll., defines the form, time and manner of publishing the price for investment instrument admitted to trading on regulated market and form of Securities Commission informing about utilization of internal information and about manipulation with the market. In the course of Exchange day the Exchange publishes on its internet web site on the address www.pse.cz, the current continual information on trading in all issues registered on the Exchange markets with delay 15 minutes and, on each Exchange day, after 17:00 makes accessible, on that address, the final Exchange trading results, i. e. the Price-List. If the Price-List is not accessible on the Exchange's www site, an abridged form of the Price-List is accessible on teletext pages 531 - 543 of the ČT 1 channel. In the case where electronic media are not functioning, the official Price-List is available from the official statutory board installed by the Exchange in the entrance hall of Exchange Palace (Burzovní palác) at Rybná street No. 14, Praha 1.
The content of the Exchange pages is continually renewed and adjusted. The Exchange reserves the right to change any part of the content of its pages or to remove the same anytime without previous notification.
Any whatever use of the Exchange pages or a part thereof in way other for users' own needs, especially their further distribution, copying, further processing, adjusting or recopying is prohibited. Any interference in the technical or factual character of the Exchange pages is forbidden as well. Their using for purposes other than user's own needs qualifies for unauthorised infringement of the Exchange's rights and, simultaneously, may qualify for unauthorised infringement of rights of those entities whose information may form integral part of the content of the Exchange pages.
Responsibility, liability and guarantees
The Exchange is not responsible for correctness, completeness and topicality of the Exchange pages, with the exception of the information published in accordance with the Decree No. 355/2004, Coll., issued by Ministry of Finance (MF) of the Czech Republic (CR).
Neither is the Exchange responsible for any whatever direct or indirect damage occurred in connection with communication and use of the Exchange pages nor is it for damage occurred due to their partial and/or full malfunctioning.
The Exchange cannot guarantee the option of the connecting and perfect functioning of the Exchange pages nor is it liable for any whatever direct or indirect damages resulting from impossibility of connecting to these pages and/or impossibility of using their content.
The Exchange is not responsible for content of the www pages that are accessible via the Exchange pages, nor is it for obligations of parties (persons) offering, providing or brokering services on such www pages.
The Exchange is not responsible for content of www pages enabling connection to the Exchange pages, nor is it for obligations of parties (persons) offering, providing or brokering services on such www pages.
Approach to the protection of processed information
Prague Stock Exchange („PSE“) consider the protection of processed information as its priority. PSE takes the protection of its information as well as its client’s information as a set of defined and strictly managed rules which target is to protect all important immaterial assets.
The aforementioned companies consider the protection of information processed in the IS of the PSE an important component of activities carried out by all users of the system and pay appropriate attention to it. The directors and officers are in accordance with the scope of their authorities ready to enforce the objectives, principles and rules set forth herein and to follow them in order to make sure that information security of the PSE complies with relevant legal regulations, decisions made by surveillance authorities, binding methodologies issued by market regulators and business needs of the PSE.
The methodical basis for information security solutions are the CSN ISO/IEC 27000 series standards (hereinafter referred to as „standards“).
The protection of all own and entrusted information is secured by proprietary „Information Security Management System“ („ISMS“).
PSE’s ISMS Applicability
The applicability of the PSE’s ISMS is determined by the purpose and scope of the PSE’s IS, its architecture, and composition. It includes all assets regardless of their type. The management of the PSE is responsible for the whole PSE’s IS and thus for the security of information that the PSE’s IS handles.
The PSE’s ISMS represents an implementation of security and functionality requirements set forth in the standards. The principles and rules of information security specified in the basic security documentation of the ISMS are binding for the whole PSE’s IS.
The PSE’s ISMS applies to all the parts of the organization structures of the PSE’s companies and to all users of the PSE’s IS (regardless of their position within the organizational structure of the particular PSE member) coming into contact with the information in the PSE’s IS, including external users that are handling information in the PSE’s IS. The PSE’s ISMS also applies to all premises of the PSE and premises of the back-up (disaster recovery) office.
The Information Security Management System covers all processes and measures related to the protection of processed information and its storage sites and to the overall security of the PSE’s IS operation. The ISMS contains security elements and measures protecting the confidentiality, integrity, authenticity and accessibility for both automated and non-automated information processing in all areas of PSE’s activities. The ISMS provides security functions of the PSE’s IS and specifies security rules for all users of the PSE’s IS.
Information Security Objectives
The main security objective is:
- to ensure permanent and efficient security of the PSE’s IS and the information it processes concerning the protection of its accessibility, confidentiality and integrity and thus to ensure the indisputability of selected operations with the information and elements of the said IS,
- to reduce threats and vulnerabilities to an acceptable level and subsequently also minimize the risks,
- to eliminate or at least to reduce to an acceptable level all potential risks endangering the IS through using suitable measures,
- to ensure that the potential damage concerning both the PSE’s IS and other related tangible and intangible assets of the PSE members is minimized,
- to reach the required level of responsibility of the employees of individual PSE members,
- to meet the basic objectives of the IS security in any situation and under any conditions of the PSE’s IS servicing its purpose.
Basic Security Rules
The basic rules of information security within the PSE’s IS are as follows:
- An access to the IS information and services is provided only in the scope necessary for the completion of the assigned work (i.e. “need to know” principle).
- Every person (subject) authorized to access the PSE’s IS has defined rights and responsibilities.
- Protected information is subject to relevant confidentiality, integrity, accessibility, and undeniable responsibility.
- Access to PSE’s information and IS services is managed and monitored.
- Preventive security precautions, including operations-continuity plans are preferred to a consequential elimination of undesirable consequences.
- All users of the PSE’s IS are held responsible for protection of information and observance of security rules and principles.
- Security requirements are applied and implemented in all phases of PSE’s IS development and operation.
- Users’ training and education in security is one of the tools helping to prevent the occurrence of undesirable events.
- Employees PSE key positions in the area of the PSE’s IS development and administration are sufficiently replaceable.
- Any breach of security policies triggers relevant consequences.
- The principle of “clear monitor screen” is reasonably applied within the access management.
Basic Principles of PSE’s ISMS
The intention of the PSE’s governing body is to manage the security of the PSE’s IS in compliance with the requirements of standards, to coordinate the implementation of security measures in accordance with the scope of activities and responsibilities of individual managers and also pursuant to the below-specified principles stemming from the practical application of recommendations specified in standards.
The principles underlying the PSE’s ISMS are as follows:
- Principle of Responsibility – the enforcement of set principles, rules, and processes related to information security is always connected with individual responsibility of specific persons.
- Principle of Integration – information security policy is enforced by the comprehensive management system which integrates and coordinates activities carried out by all involved internal departments of PSE members and concerned external subjects.
- Principle of Compliance – all established principles, rules and operating processes are in compliance with legislation of the Czech Republic, with all contractual arrangements and with the requirements of standards.
- Principle of Awareness – all the users and all subjects with an access in/to the PSE’s IS must be appropriately familiarized with the valid principles and rules of PSE’s IS security and must be able to adequately apply the specified security measures.
- Principle of Verification – the implementation and observance of the information security principles, rules and procedures must be regularly inspected. Any deficiencies must be documented and corrected as specified.
- Principle of Continuity – the measures adopted in order to ensure information security must be applied continuously within the whole range of the PSE’s ISMS.
- Principle of Formalization – information security management must follow the unambiguously defined and described procedures. The integral part of the ISMS management also involves the tools of inspection and independent audit, which thoroughly verify the degree and quality of the adopted measures implementation.
- Principle of Efficiency and Proportionality – the information security is based on security measures ensuring maximum efficiency with minimum consumption of all resources. The measures are chosen in such a way to correspond with the value of protected assets and to reflect the real security needs of the PSE’s IS.
- Principle of Best Practices – the specified procedures and security measures are applied based on proven best practices recommended by the standards.
- Principle of Continuous Development – PSE’s ISMS counts on the continuous development of the PSE’s IS, the improving quality of its services and at the same time on the persistent enhancement of PSE’s IS security.