Information Security Policy
Scope of intention
As a company, we strive to be prepared and protected for potential Information security risks and resulting issues. Following an continuous improvement approach, we will safeguard our system integrity, our information assets, our clients information assets, secure products and manufacturing processes.
Information Security is a ongoing process to ensure confidentiality, integrity and availability of information assets. These information assets can be in both technical or non-technical form. Failure to secure information assets in today’s highly networked environment can damage or shut down systems that operate our company, lead to financial loss, compromise data and products as well as result in legal and regulatory non-compliance.
Therefore Information Security is an important and active part of our company and every employee.
In order to maintain a high standard of information security, every employee is obliged to comply with related policies (listed below) and with related laws and regulations (e.g the EU General Data Protection Regulation)
Information Security responsibilities
The company will maintain and continuously improve its information security through the following aspects:
- We strive to protect and maintain the confidentiality, integrity and availability of company & client information and related infrastructure assets.
- We assure a secure and stable information technology environment with technical, organizational and processional measures. We establish the required technical and organizational measures to protect data, both at the time of determining means and purpose for processing and at the time of processing itself.
- We actively manage the risk of security exposure or compromise.
- We monitor our system and information assets for anomalies that might indicate compromise.
- We identify and respond to events involving information asset misuse, loss or unauthorized disclosure. We ensure that (potential) data breaches are reported to management and thoroughly investigated to resolve them and avoid recurrence.
- We promote and increase the awareness of information security. The emerging culture of information security stimulates responsibility and ownership concerning data protection and privacy.
- Every congatec employee, contractor, consultant, temporary, and other workers, including all personnel affiliated with third parties ensures their work is compliant with all released congatec IT policies. This also includes employees that are leaving the company.
- We actively work on achieving our Information Security Goals each review period. The objectives are set reflect the commitments identified above.
- We continuously improve our information security and the Information Security Management System.