Declaration on the Implementation of the Privacy Protection (Data Security) Regulations
Psiphas Psychological Applications Ltd. specializes in psychometrics, the development and management of personnel assessment systems, and the design and adaptation of tools (tests, questionnaires) for evaluating abilities, personality traits, and integrity. The company also develops tools and systems for employee evaluation and provides consulting and research services in the fields of assessment, selection, and psychometrics.
The company operates in full compliance with the principles of information security and privacy protection, in accordance with the requirements of the Privacy Protection Law and the Privacy Protection (Data Security) Regulations, 2017, Amendment 13, and the guidelines of the Israeli Privacy Protection Authority.
Implementation of Security Controls
The company implements the following security controls required by the Privacy Protection Regulations and Amendment 13 to the Law:
Appointment of an Information Security Officer
The company has appointed an Information Security Manager who possesses the appropriate qualifications, knowledge, and training to lead the required information security processes. As part of their role, the manager is responsible for managing the security work plan, conducting risk management, approving security procedures, and overseeing security controls.
Information Security Policies and Procedures
Psiphas maintains an Information Security Policy and a set of supporting security procedures, which are updated annually and approved by company management.
These procedures outline the security principles guiding the company’s operations in areas such as:
-
protection of information assets,
-
user and access management,
-
security in employee recruitment and management processes,
-
physical and environmental security,
-
data backup and recovery,
-
monitoring, incident investigation, and disaster recovery,
-
employee privacy protection.
As part of its commitment to implementing the requirements of ISO 9001 and ISO 27001, the company continuously improves its procedures and ensures full compliance with these standards.
Security Awareness
The company conducts information security awareness activities to increase employee understanding and engagement. Regular training sessions are held on information security and privacy protection, including updates on current risks, cyber threats, confidentiality principles, and the necessary actions to prevent information leakage or unauthorized use.
The company emphasizes fostering an organizational culture that promotes high employee awareness and active participation in information security matters, encouraging proactive reporting of irregularities or suspected violations of procedures.
Audits
The company performs annual risk assessments as part of its information security certification processes. These assessments are reviewed by an external body. Additionally, periodic penetration tests are conducted to evaluate security levels and systematically address identified issues, ensuring continuous improvement of the organization’s resilience and systems security.
Outsourcing
The company maintains structured outsourcing processes for managing engagements with service providers, with an emphasis on maintaining confidentiality and information integrity.
Information Security
The company implements a comprehensive and advanced information security control framework, aligned with legal and regulatory requirements.
Its goal is to ensure optimal protection of its infrastructure and secure management of all organizational data through a combination of technological and managerial methods, including:
-
advanced encryption mechanisms,
-
system hardening processes,
-
cybersecurity protection systems,
-
regular backups,
-
identity and access management,
-
frequent software updates.
All these measures aim to maintain a secure technological environment, fully compliant with regulatory requirements and committed to safeguarding information privacy.
Last Updated: October 15, 2025