The Chairman of the Management Board of JSC NC KTZ oversees information security, reliability and efficiency of information systems, and production processes. The Chairman of the Management Board of the Company has an Information Security Service, whose main task is to increase the protection of the Company and its subsidiaries from possible damage.

An ongoing process of improving the information security management system (ISMS) is underway, and the latest tools and methods of protection against information security threats are being applied. The information security management system of JSC NC KTZ is certified according to the ISO 27001:2022 standard. Continuous training of employees of JSC NC KTZ is aimed at raising awareness of cybersecurity in the culture of the railway industry. Through the information security awareness portal, 2,245 employees of JSC NC KTZ were trained in the course "Security of confidential information" in 2024.

Every year, as part of the implementation of planned measures to monitor compliance with information security requirements, JSC NC KTZ conducts internal audits of the IT infrastructure and information security management systems. By the end of 2024, internal audits were conducted in 62 structural divisions and branches of the Company, which revealed 395 violations of information security requirements of varying degrees of criticality. Official reports have been compiled on each fact of violations identified and sent to the management of the relevant departments and branches to take measures to eliminate inconsistencies.

In order to maintain the operability of information systems and promptly respond to various emergency situations, the Company has Instructions on how users should respond to Information Security incidents (approved by Order No. 5-FZ dated January 10, 2022).

The instructions describe in detail the escalation process for employees reporting incidents, discovered vulnerabilities, or suspicious activity, ensuring that any information about an information security breach is quickly shared with the appropriate specialists for an immediate response.

 

Information Security Policy of the Joint Stock company National Company Kazakhstan temir zholy

 

 

Data protection policy for users