Security requirements Contractor

Technical and Safety Requirements for the contractors/suppliers of Aspena, s.r.o.,
ID 60751185 and ID 35845040, valid and effective from 15 June 2026.

This policy sets out the basic technical and security requirements for contractors/suppliers working with Aspena. It is aimed to ensure the protection of data, information, and systems during the provision of services. The Aspena companies reserve the right to update these requirements, to require compliance with them during the course of the cooperation, and to terminate the cooperation with any contractor/supplier who is unable to demonstrate compliance with these requirements by themselves or any of their subcontractors.

1.     Protecting access and systems

  • The contractor is required to use the login credentials only personally, not to share them with third parties, and to store them only in a secure manner (e.g., in an encrypted password manager). 
  • Access to systems is non‑transferable and must be protected by appropriate means (e.g. strong password, biometrics). 
  • In the event of suspected account misuse, the client must be notified immediately of IT incidents – incident@aspena.cz

2.    Equipment and environmental safety

  • Work must be performed only on a secure device that has an up‑to‑date operating system, antivirus protection, and a firewall enabled.
  • The contractor is required to protect the equipment against unauthorised access, in particular by locking it when leaving the workplace.
  • The use of public or shared devices is prohibited. Connection must be via a secure network (Wi‑Fi with password, VPN or encrypted access).

3.    Data and information protection

  • All data and information provided by the client is confidential. 
  • The contractor is required to protect it against loss, misuse or unauthorised disclosure.
  • Data may only be processed in environments and tools approved by the client.

4.    Data transfer and storage

  • Data may only be transferred and stored using approved tools and secure transfers.
  • It is forbidden to store data in an unauthorized storage (e.g. personal cloud storage, unencrypted external media, email clients, etc.) or share it other than through approved tools and translation environments.

5.    Rules for working with data

  • The contractor is required to minimize the storage of data in local devices and remove temporary files upon completion of the work.
  • It is prohibited to make copies, images or other records of the data without the consent of the client.

6.    Use of tools and technologies

  • It is prohibited to use unapproved tools, especially online compilers, generative AI or other services that could compromise data security.

7.    Protection of the working environment

  • The contractor is required to ensure that third parties cannot access the information during the work (e.g. from the screen of the device).

8.    Reporting security incidents

  • Any suspected security breach or incident must be reported immediately to the client’s IT Incident Response Team – incident@aspena.cz