Information Security Policy

Created by: ISM - Team
Approved by: GF
Confidentiality Level: Public
Version: R3
Content

1 Scope

The objective of this policy, in the context of EBCONT operations GmbH, is to define the objectives
and expectations of participating parties with regard to the information security of EBCONT
operations.
Users of this document are all employees of EBCONT operations GmbH as well as relevant external
parties.

2 Purpose

EBCONT operations information security policy expresses the company's goals and attitude of
responsibility, thus creating the framework for sustainable information security management.

3 Security Policy

Information security is of fundamental importance to EBCONT. It makes a significant contribution to trusting cooperation with business partners and all interested parties and helps to ensure the ongoing success of the company.

The aim of the security policy is to fulfill legal requirements and conditions in terms of information security and, if necessary, to exceed them by applying economically reasonable evaluation criteria.

To this end, all measures and processes should be made transparent, depending on their relevance, to employees, partners and customers of the company, so that they can be implemented to the best of our knowledge and in a practicable way and integrated into everyday work - to protect the company and everyone involved. This security policy covers information in all its forms, whether electronic, written, verbal or other.

For this purpose, the following framework was created by the management, which is aligned with the specifications for an information security management system (ISMS) according to DIN EN ISO 27001:2013.

Management is committed to providing resources for compliance and maintenance of the information security management system.

4 History and development of the company

EBCONT operations GmbH was founded in 2013 as a subsidiary of EBCONT group GmbH and integrated into the EBCONT holding GmbH group in 2014. Within the EBCONT group, EBCONT operations GmbH is a reliable supplier and integrator of business solutions based on traditional and innovative IT products.

  • The company is located in 3040 Neulengbach, Bergmanngasse 7.
  • The office - together with EBCONT enterprise GmbH, EBCONT proconsult GmbH and EBCONT communication GmbH - is located in the Millennium Tower in 1200 Vienna, Handelskai 94-96.

In order to design efficient processes and to be able to use them group-wide, certain areas/processes are centralized in the EBCONT group. EBCONT operations therefore procures various services from the EBCONT group, which represents a significant competitive advantage.

5 Business model

On the one hand, EBCONT operations GmbH directly concludes customer contracts and fulfills them under its sole responsibility; on the other hand, it contributes its special competences within the EBCONT Group as a subcontractor.

EBCONT operations has two strategic orientations:

1. services based on time and material

2. turnkey solutions and managed services

6 Delimitation

Due to the company's business model, different requirements and delimitations arise with regard to the applicable security policies:

  • Resources (work devices/servers) are provided by the customer for work at the customer's site: these resources are subject to the customer's requirements.
  • Resources are provided by EBCONT: these are subject to EBCONT's control and specifications.

Principles of EBCONT operations Information Security

  • Customer orientation
    EBCONT operations GmbH depends on its customers and shall therefore understand current and future customer needs, meet customer requirements and strive to exceed customer expectations.
  • Leadership
    Leaders provide unity of purpose and direction. They create the internal environment and sustain the organization by ensuring employees are fully committed to achieving the organization's goals.
  • Employee Involvement
    Employees are the defining factor of EBCONT operations GmbH at all levels. Their full involvement enables their skills to be utilized for the benefit of the organization.
  • Process orientation
    A desired result can be achieved more efficiently if activities and associated resources are managed and directed as a process.
  • System-oriented management
    Recognizing, understanding and managing processes that interact with each other as a system helps to achieve the organization's goals effectively and efficiently.
  • Continuous improvement
    Continuous improvement of all performance is an ongoing task and commitment. The effectiveness and adequacy of safety measures are regularly reviewed and documented. Deviations are analyzed with the aim of continuously improving our safety level.
  • Factual decision-making
    Our decisions are based on the analysis of data and information.
  • Supplier relationships for mutual benefit
    An organization and its suppliers are interdependent. Mutually beneficial relationships add value to both parties.
  • Compliance with legal requirements
    The requirements of legal, official or contractual regulations are to be incorporated into the processes and fulfilled. The basic requirements of information security (confidentiality, integrity, availability) are observed when processing information. Information is processed appropriately and securely in accordance with its protection requirements and protected against unauthorized access.
  • Awareness
    All employees are aware of the need to carry out their daily tasks with information security in mind. To ensure this, all employees are continuously sensitized and qualified.
  • Information security culture
    The trust of customers in the quality and security of services is a very high value to EBCONT. This includes both data and information required for the secure operation of the office environment and technical equipment, as well as the data and information generated at the customer's site and processed on a personal basis. To protect its services, facilities, data and information, EBCONT takes all necessary and economically justifiable measures to protect these assets in accordance with the state of the art.

7 Understanding the needs and expectations of interested parties

EBCONT operations recognizes the interests of its stakeholders and engages with them to identify or assess potential impacts on the business objective from an information security perspective. The goal of EBCONT operations is to always have a clear picture of the requirements and expectations of the key stakeholder groups. The related stakeholder groups will be active members of the ISMS within EBCONT operations and will have direct influence on, as well as requirements for, the ISMS.

8 Relation to ISO 27001

Checklists, Measures            ISO Section
Context of the organization     4

9 Validity and document review

This document is valid from: 01.07.2017.

The owner of the document is the management, which reviews the document at least annually and updates it if necessary.