Information Security Policy
Information security is a central part of all processes at Dr. Eilebrecht SSE GmbH & Co. KG, it is a central component in all processes and a core requirement for our actions. Information security affects everyone with varying degrees of relevance. Especially our customers expect (or even presuppose) the protection of information, knowledge and know-how that is shared. We, as a company, naturally also have a great interest in the confidentiality, protection and integrity of our information. Our information security policy follows the ISO 27001 standard.
These are our information security principles
- Confidentiality
Confidential information must be protected from unauthorized disclosure. The level of confidentiality is determined by the category, classification and origin of the information. Confidentiality must be maintained for any information that is subject to secrecy. This means that information is only shared with authorized persons. Measures to maintain confidentiality are taken at least to the necessary extent. - Integrity
Information must be adequately and appropriately protected from change and loss to ensure completeness. Where necessary, information is protected from manipulation and changes are documented in a traceable manner. - Availability
Information is made available to users at the required and correct time. To this end, measures are in place to ensure that IT systems whose functions, information or data are available when they are needed are protected against loss and can be restored if necessary. - Authenticity
Information and its origin must be adequately verifiable for authenticity, so that confidentiality and integrity are guaranteed at all times in the necessary form. - Conformity
Information security must be mapped in conformity with contractual obligations and agreements and should meet requirements specified by norms and standards. - Continuous improvement and error culture
Aspects of information security, processes and guidelines of the management system require constant observation, monitoring, evaluation and improvement so that information security can be guaranteed on a permanent basis. In addition to improvement through monitoring and evaluation, a positive error and notice culture should also contribute to improvements in information security.
