Information Security

We are ISO 27001 certified

In our daily business we develop software for the energy supply of people and industries. This represents a critical infrastructure for the respective countries and is particularly worth protecting.

As a rule, we work with personal data (e.g. network data). Stricter data protection regulations apply to this. Therefore, data protection and information security have a high priority with us.

ISO 27001

The ISO 27001 contains requirements for an information security management system (ISMS), which contributes indirectly to information security.

Our ISMS consists of a risk-based approach (requirement ISO 27001). Here, the standard is used to identify risks, which include the following three goals for information security:

  • Integrity
  • Confidentiality
  • Availabilit

These risks are assessed according to their possible extent of damage and prioritized accordingly. Derived measures are used to reduce the possible extent of damage caused by the risks. The standard specifies 114 mandatory measures. Further measures are derived by us.

It is a systematic model in which certain rules and processes are defined within an organization in order to achieve the introduction, implementation, ongoing operation, maintenance, monitoring or review and improvement of an organization’s information security.

All risks are assessed in detail and the level of risk acceptance is determined. The rules and processes are defined in ISO27001.

Important information about our security process:

In December 2019 we achieved the ISO 27001 certification, to increase our level of information security. Here you can download the certificate. To increase your level of trust in us, we give you some insides in our security workflow. If you need further information, please contact our security department.

Our information security process begins with your contact, for example by e-mail. We always handle your data confidentially.

Communication security

Our employees are equipped with an S/MIME certificate to enable encrypted communication to our conversation partners. When transferring bigger data, we provide an upload server to guarantee an encrypted transfer of information and access to security areas.

Storage of information on premise – Accessmanagement

We follow the approach of the Need-to-know principle for all kind of information and the Least-Priviledge principle for the access of directories.

Your information will be securely stored in our premises on our servers on an encrypted disk. Your information can only be accessed by selected employees that are specialised for processing your information.

Storage of information in the cloud

For storing information in the cloud only certified data centers are selected (OTC and AWS).

Within those data centers, we build up our own secure infrastructure.

Monitoring of our installations in the cloud

We monitor our systems around the clock. In case of abnormal behaviour we implemented a monitoring system, that enables us to see systems that show abnormal behaviour.

Reaction to information security incidents

In case of an information security incident, our IS-Team is in charge of emergency management.

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 867602.