Information security
We are ISO 27001 certified
In our daily business we develop software for the energy supply used by people and industries. This represents critical infrastructure for the respective countries and is particularly worth protecting.
As a rule, we work with sensitive data (e.g. network data) where stricter data protection regulations apply. Therefore, data protection and information security are a high priority for us.
ISO 27001
ISO 27001 contains requirements for an information security management system (ISMS), which contributes indirectly to information security. Our ISMS consists of a risk-based process (a requirement of ISO 27001) which includes the following three goals for information security:
- Integrity
- Confidentiality
- Availability
Risks to these goals are assessed according to their possible extent of damage and prioritized accordingly. Derived measures are then used to reduce the possible extent of damage caused by the risks. The standard specifies 114 mandatory measures, and we derive additional measures ourselves.
The ISMS is a systematic model in which certain rules and processes are defined within an organization in order to achieve the introduction, implementation, ongoing operation, maintenance, monitoring or review and improvement of an organization’s information security.
All risks are assessed in detail and the level of risk acceptance is determined. The rules and processes are defined in ISO 27001.
Important information about our security process:
In December 2019 we achieved ISO 27001 certification to increase our level of information security. Here you can download the certificate. To increase your level of trust in us, we provide some insights into our security workflow here. If you need further information, please contact our security department.
Our information security process begins with your contact, for example by e-mail. We always handle your data confidentially.
Communication security
Our employees are equipped with an S/MIME certificate to enable encrypted communication with our conversation partners. For transferring larger amounts of data, we provide an upload server to guarantee an encrypted transfer of information and access to security areas.
Storage of information on premises – Access Management
We follow the need-to-know principle for all kinds of information and the least-privilege principle for access to directories.
Your information will be securely stored on our premises on our servers with encrypted disks. Your information can only be accessed by selected employees who have special training in processing and protecting your information.
Storage of information in the cloud
For storing information in the cloud, only certified data centers are utilized (OTC and AWS).
Within those data centers, we build our own secure infrastructure.
Monitoring of our installations in the cloud
We monitor our systems around the clock. When any abnormal behavior is detected, our monitoring system enables us to quickly identify and investigate the issue.
Reaction to information security incidents
In case of an information security incident, our IS team executes an emergency management protocol designed to limit the negative impact on our systems and our customers.