Company policy

QUALITY POLICY

The company PAPAPOSTOLOU specializes in the sales, distribution, and technical support of medical equipment. A core principle, commitment, and philosophy of every member of its staff is to provide customers with services that fully meet their contractual requirements, comply with relevant legislative and regulatory guidelines, and achieve the objectives the company sets for each project it undertakes.

Quality Policy

The Company recognizes that achieving Quality and continuous improvement across all its activities will be its most important advantage in today’s competitive environment. To this end, the Company documents its commitment and continuous effort to improve and achieve Quality through the policy it follows.
To achieve the above, PAPAPOSTOLOU’s Management:

Has adopted Quality Management Systems in accordance with the International Standards ISO 9001:2015 and ISO 13485:2016, as well as Ministerial Decision Υ.Α. ΔΥ8/1348/04, which it applies across the entire company and in all activities affecting the quality of its products and services, as well as customer satisfaction.
Continuously reviews and improves the characteristics of its products, where feasible, as well as the effectiveness of its Processes and, by extension, the entirety of its Quality Management Systems (QMS).
Sets measurable quality objectives at both corporate and operational levels. These objectives are established and assessed in terms of their achievement within the framework of the QMS Management Review by the company’s Top Management.
Provides the necessary resources for the uninterrupted, efficient, and effective operation of each department of the company.
Invests in the ongoing development, information, and training of its staff so that they deliver Quality in every activity they perform.
Monitors, measures, and evaluates critical parameters and Processes to ensure Quality.

By adopting the principle of continuous improvement, PAPAPOSTOLOU recognizes and rewards teamwork and individual effort, invests in people, and respects the customer.

ENVIRONMENTAL POLICY

PAPAPOSTOLOU’s Environmental Policy is the cornerstone for achieving the company’s environmental objectives. It is implemented through the Environmental Management System. Therefore, any change in the company’s environmental quality entails a corresponding modification of the System.
According to the Environmental Policy followed by the company, the System:

Is applied within the company based on a commitment by its Management
Is evaluated through established indicators
Is known to the entire company staff and is implemented by them
Is reviewed at defined intervals with the aim of improving it and continuously adapting it to the company’s development.

The environmental policy:

is available and kept up to date as documented information,
is communicated, understood, and applied within the company,
is made available to relevant interested parties, as appropriate.

For this reason, it is posted in a visible place at the company entrance, communicated to staff through relevant training, and kept on the company’s central server together with the entire management system.

Environmental Policy

Taking into account the ever-increasing importance of environmental protection, PAPAPOSTOLOU commits to meeting customer requirements while promoting sustainable development through better management of its natural resources, reducing environmental impacts, and continuous environmental monitoring of its activities.
Within the framework of a broader environmental protection philosophy, the company commits to implementing actions with the following main pillars:

Implementation of an Environmental Management System in accordance with the international standard ISO 14001:2015, aiming at continuous improvement of the company’s environmental performance.
Meeting compliance requirements for the company’s activities with applicable national and EU legislation and regulatory provisions.
More rational use of natural resources, energy, raw and auxiliary materials in production processes, while maintaining the quality of the produced product or service.
Reduction—with the ultimate goal of minimization where feasible—of the generation of liquid, solid, or gaseous waste.
Analysis of environmental impacts before adopting and introducing new production processes and products.
Continuous information, training, and encouragement of all staff for active participation in improving environmental performance.
Informing the company’s partners (customers, suppliers, subcontractors, government bodies, etc.) of the company’s commitment to reducing its environmental impacts.
Providing information to external bodies regarding environmental performance to support awareness and cooperation for broader environmental protection.
Introducing environmental programs aimed at achieving environmental objectives, reducing environmental risks, and preventing environmental accidents.
Systematic measurement, evaluation, and monitoring during the application of the principles of the environmental policy.
Continuous review of the environmental programs and objectives set by the company, aiming at continuous improvement of environmental performance and the creation of favorable conditions for sustainable development.

OCCUPATIONAL HEALTH AND SAFETY POLICY

The company’s Management is committed to implementing an Occupational Health and Safety (OHS) policy tailored to its activities, within which:

applicable legislation and other requirements to which the company has committed regarding OHS are implemented
the means are provided for the effective management of OHS issues related to the company’s activities
emphasis is placed on preventing impacts that the company’s activities may have on OHS
continuous improvement of the company’s OHS performance and the OHS Management System is established

The OHS policy is communicated to all employees under the company’s control, with emphasis on each person’s obligations, and is available to the public (interested bodies, services, etc.). Management’s declaration of its OHS policy is reviewed periodically to remain current and appropriate for the company. Daily implementation of the System by the company puts the OHS policy into practice.

Occupational Health and Safety Policy

PAPAPOSTOLOU specializes in the sales, distribution, and technical support of medical equipment. The company defines occupational health and safety as ensuring the well-being of its employees as well as any other person in areas where company work is carried out. This is achieved through:

identifying and assessing all potential risks arising both from the execution of work (routine and non-routine), as well as from any other activity of personnel who have access to the workplace (including subcontractors and visitors).
efforts to minimize both the likelihood of a risk occurring and its impact, where it cannot be avoided, through the implementation of appropriate procedures and preventive and control measures.
compliance with all applicable legislation and the implementation of programs and procedures to ensure such compliance.
assessment and measurement of risk at regular intervals, and especially after corrective actions are implemented, aiming to ensure its continuous reduction.
providing all required resources (staff training, personal protective equipment, fire protection means) to safeguard the health and safety of employees.
participation and consultation of employees on occupational health and safety matters.
Management’s commitment to continuously monitor and measure OHS performance and to strive for ongoing improvement.

To achieve the above, the company applies an Occupational Health and Safety Management System in accordance with ISO 45001:2018 and applicable legislation. The sensitivity of PAPAPOSTOLOU’s Management to OHS matters, together with the increasingly strong awareness and sensitization of its staff and interested parties (customers, suppliers, subcontractors, etc.), is an indisputable advantage in achieving Management’s OHS objectives.

INFORMATION SECURITY POLICY

Top management establishes an information security policy that:
a) is appropriate to the purpose of the company;
b) includes information security objectives (see 6.2) or provides the framework for setting information security objectives;
c) includes a commitment to satisfy requirements related to information security; and
d) includes a commitment to continual improvement of the information security management system.

The information security policy:
e) is available as documented information;
f) is communicated within the company; and
g) is made available to interested parties, as appropriate.

The objective of information security is to ensure continuity of the company’s business activity and to minimize the risk of damage by preventing security incidents and reducing their potential impacts.

Information Security Policy

PAPAPOSTOLOU’s objective is to protect the company’s information assets against all internal, external, intentional, or unintentional threats. The information security policy ensures that:

Information is protected against any unauthorized access
The confidentiality of information is ensured
The integrity of information is maintained
The availability of information for business processes is maintained
Legal and regulatory requirements are taken into account
A business continuity plan is developed, maintained, and tested
Information security training is available to all employees
All actual or potential information security breaches are reported to the Information Security Manager and thoroughly investigated.

In support of the above information security objective within the company:

Procedures are implemented to support the policy, including virus controls, passwords, and business continuity plans.
Business requirements for the availability of information systems are determined and must be met.
Measurable objectives are set, monitored for achievement, and reviewed regularly.
The objectives and their importance and achievement, as well as the company’s legal and contractual security obligations, are communicated to all parties involved in implementing the information security management system.
The Information Security Officer is responsible for maintaining the policy and providing support and guidance during its implementation.
Each party involved in implementing the information security management system has clear, predefined roles and responsibilities.
Any change to the information security and personal data security management system, based on ISO 27001:22 & ISO 27701:19, is promptly and appropriately communicated to all involved parties.
The system is audited at regular intervals under management responsibility, and audit results are taken seriously as inputs to regular system reviews, leading to revisions whenever deemed necessary.
Management is directly responsible and committed to implementing the policy and ensuring staff and service compliance.
Management is responsible for defining criteria for assessing and classifying information security risks and determining maximum acceptable risk levels.

As a consequence of the above:

Compliance with the information security policy is mandatory for all parties involved within the scope of the system.
Management commits to providing the necessary resources for developing, implementing, monitoring, controlling, reviewing, and revising the system, leading to its continual improvement through corrective and preventive actions.

The security policy is reviewed annually during the management review of the system and is revised whenever required by the organization’s business requirements and any legislative changes.

ANTI-BRIBERY POLICY

The company’s highest corporate governance body:
a. Commits to preventing, detecting, and addressing bribery in relation to the company’s business and operations.
b. Intends to implement measures suitable to prevent, detect, and address bribery.

Compliance with the Anti-Bribery Policy is mandatory and binding for all staff and company partners. The Policy is available to all staff, customers, partners, and suppliers, as well as to any involved public and municipal authority.

Anti-Bribery Policy

The management of PAPAPOSTOLOU N. S.A. recognizes bribery risks and provides all necessary resources to develop and implement a comprehensive Anti-Bribery Management System in accordance with the requirements of the international standard ISO 37001:2016. Within the framework of this System, procedures are documented and implemented to satisfy the Standard’s requirements, ensuring effective anti-bribery controls across all areas and activities of the company.
Within its overall operating framework, PAPAPOSTOLOU’s management:

Prohibits any form of bribery or acceptance thereof.
Has established anti-corruption measures to maintain high ethical standards and protect its reputation against any allegation of corruption and bribery.
Requires all employees to comply with the laws of the state or the European Union relating to bribery, which apply to the company.
Encourages all employees to contribute to identifying and reporting suspicions of any potential bribery and prohibits punishment or adverse treatment of such employees.
Applies a zero-tolerance policy against corruption and commits to operating with professionalism, legality, and integrity in all business dealings.
Raises awareness and provides appropriate training to staff through ongoing updates and training on combating bribery.
Has established a specific anti-bribery structure, independent of other staff, reporting only to the CEO, with the obligation and authority to investigate any potential bribery case, assess and evaluate bribery risks, and implement relevant anti-bribery measures.
In cases of bribery or non-compliance with the anti-bribery management system requirements, sanctions are imposed, and where relevant legal requirements are violated, the competent authorities are notified.
Commits to the continual improvement of the anti-bribery management system it applies.