Information Security Policy at SVA System Vertrieb Alexander GmbH

 

Scope

This Information Security Policy applies to all sites and employees of SVA System Vertrieb Alexander GmbH.

Responsibility

The SVA Management Board considers information security to be an imperative quality mark of our service processes. Compliance with the requisite in-house information security guidelines is one of the fundamental principles of our company philosophy. All company employees must understand its absolute necessity in order to ensure that it is embedded in the performance of their day-to-day tasks.

To this end, the Management Board supports and promotes the structures and processes this requires. It has designated appointees who are responsible for implementing this Information Security Policy through procedural instructions, work instructions and documentation, and for anchoring it in day-to-day operations.

The Management Board shall provide the requisite resources in the form of personnel capacity and funding and undertakes to regularly review the appropriateness and effectiveness of the information security management system and make continuous improvements.

Purpose

As a consequence of its role as system integrator and IT service provider, SVA frequently comes into contact with highly sensitive customer data and information. This Information Security Policy outlines the basic principles for ensuring the security and integrity of this data and information.

Security objectives

  • To ensure the privacy, integrity and availability of data belonging to SVA and its business partners

  • To align information security requirements with corporate strategy and comply with legal and contractual stipulations

  • To identify nonconformities and correct them or minimize their effects to an acceptable level through appropriate actions

  • To establish transparent service processes and safeguard them with established security management practices

  • To identify information security risks and minimize them to an acceptable level

  • To prevent reputational or financial damage through the loss of data or information

  • To demonstrate high company security standards to customers, legislators, partners, insurance providers and suppliers

Principles

SVA protects the privacy and integrity of customer data, demonstrating this in a way that enables potential customers to recognize the appropriateness of the measures taken and to choose SVA as their service provider.

SVA conducts regular employee training on the subjects of data protection and information security. SVA responds to violations of requirements with appropriate actions.

Data and information are classified and processed using procedures that are appropriate for the respective classification level.

SVA operates a risk management system with the objective of identifying risks to the privacy, integrity or availability of data and information and minimizing these risks to an acceptable level.

Changes to systems and applications are subject to a defined change management process that takes aspects of data protection and information security into account at all times.

SVA uses a permissions concept that assigns employees only those permissions that are necessary for their work.

Regular internal audits ensure that employees implement and comply with data protection and information security requirements, that weak points are detected and that opportunities for improvement are utilized.

 

Wiesbaden, September 16, 2022