Baby Bloom
Baby Bloom

Information Security Policy

At Baby Bloom, we're dedicated to providing all our stakeholders with secure, high-quality services and products that meet customer-specific requirements and uphold strong security objectives. To achieve this, our Management ensures that our vision, business goals, Information Security Management System, and service integrity are all supported by top-tier human and technological resources.

Simultaneously, we are committed to protecting the security of all non-public information we process, as well as safeguarding the personal data and privacy of everyone connected to us.

Confidentiality, Integrity, and Availability of information are our top priorities. The Information Security Management System we've developed and continuously improve helps us deliver secure, reliable, and uninterrupted service to our customers and partners. It also guides us on how to organize and process information by setting the desired level of security.

To achieve all the above, the Management

Baby Bloom is committed to:

  • Maintaining an Information Security Management System (ISMS): We have adopted an ISMS that adheres to the International Standard ISO 27001:2022. This system applies to all our activities and organizational units, while fully respecting the legal and institutional frameworks relevant to our industry.
  • Implementing a Process Approach: We apply a rigorous process-based approach at both administrative and technical levels.
  • Continuous ISMS Review and Improvement: Through designated roles, we regularly inspect our ISMS to ensure its effectiveness and implement necessary corrective actions. We guarantee that our ISMS is consistently maintained and improved through a structured program of audits and reviews.
  • Providing Leadership for Information Security: Our management provides direct guidance and support for information security and personal data protection, aligning with our business and contractual requirements, and all relevant laws and regulations.
  • Investing in Our Employees: We provide all necessary means and resources to train and motivate our employees, encouraging their active participation in the continuous improvement of our ISMS.
  • Assessing Risks and Opportunities: We evaluate operational and technological risks and assess opportunities that arise from both our internal and external environments, which could impact our operations.
  • Selecting and Managing External Providers: We carefully select and assess our external providers, fostering mutually beneficial relationships.
  • Ensuring Policy Communication and Understanding: We ensure that all ISMS policies are communicated, understood, implemented, and maintained across all levels of our company.
  • Protecting Data Integrity: We guarantee the protection of all collected Personal Data in accordance with the Law of Ukraine "On Personal Data Protection" and the security of all information as defined by our ISMS Policies and Procedures. This ensures the integrity, confidentiality, and availability of all information and personal data, benefiting our business, employees, customers, and partners.
  • Establishing Proactive Security Mechanisms: We have put in place mechanisms to support the timely and rapid identification and prevention of information security threats, as well as effective responses when such threats occur.
  • Safeguarding Technology Investments: We protect our investments in information and communication technologies and raise awareness of the inherent risks within corporate information systems.
  • Setting Measurable Objectives: We establish measurable business objectives based on operational criteria. These objectives are consistently measured, analyzed, and reviewed to ensure they are achieved.
  • Committing to Continuous Improvement: Adopting the principle of continuous improvement, Management recognizes and rewards teamwork and individual effort, invests in people, respects our customers, and is committed to continuously monitoring operational risks, achieving company objectives, and updating and communicating this policy to all interested parties, as defined in our Information Security Management System.

On behalf of Baby Bloom

Yevhen Putivlenko CEO

Khmelnytskyi, Ukraine, July 2025