Scope

This Information Security Policy applies to all employees and locations of SVA System Vertrieb GmbH.

Definitions

Information Security refers to the protection of information from unauthorised access, misuse, unauthorised disclosure, deletion, alteration or interference. Its goal is to ensure the confidentiality, integrity and availability of information. Information Security comprises a wide range of technical and organisational measures to identify and minimise risks.

Cyber Security is an area of Information Security that focusses on the protection of networks, systems and data. Cyber Security involves technical and organisational controls to enhance the security and resilience of IT infrastructures.

Cloud Security is another important aspect of Information Security that concerns itself with the protection of cloud-based data, applications and services. Cloud Security includes measures which ensure data security (e.g. through access control management), data protection, and compliance in cloud environments.

Responsibilities

The SVA leadership team sees Information Security as an indispensable mark of quality in our service provisioning. Compliance with our internal Information Security policies is a fundamental part of our company philosophy. All members of staff must understand the necessity to perform their duties in line with our company philosophy.

The SVA leadership team supports and provides the necessary structures and processes and has designated a responsible individual to implement this Information Security Policy through further policies, procedures and other documentation within our day-to-day work.

The SVA leadership team commits to providing the necessary resources to effectively implement and manage an Information Security Management System, and commits to regularly reviewing its appropriateness and effectiveness and ensuring its continuous improvement.

Purpose

As a system integrator and IT service provider, SVA often processes highly sensitive data and information on behalf of our customers. This Information Security Policy provides the fundamental principles to ensure the protection of data and information in the areas of Information Security, Cyber Security and Cloud Security.

Security objectives

The following security objectives have been identified to ensure:

  • The confidentiality, integrity and availability of customer and SVA data
  • Information Security requirements are defined in line with the company strategies, legal and contractual requirements
  • Non-conformities are identified and managed to reduce the impact of associated risk to an acceptable level
  • Service provisioning is designed transparently and secured through an established security organisation
  • Information Security risks are identified and reduced to an acceptable level
  • Reputational or financial damage through the loss of data or information is prevented
  • The security of the organisation can be demonstrated to customers, legislators, partners, insurers and suppliers

Principles

SVA protects the confidentiality, integrity and availability of customer data. The organisation can demonstrate this in a form which allows customers to determine the appropriateness of the controls, to ensure that they can confidently use SVA as a service provider.

SVA ensures that regular training activities are conducted for its employees in the subjects of data protection and information security. Violations of information security and data protection requirements are managed appropriately.

Data and information are classified and managed in accordance with their classification.

SVA runs a risk management system with the goal of identifying risks to the confidentiality, integrity and availability of data and of managing and reducing such risks to an acceptable level.

Changes to systems and applications follow an established change management process, which gives due consideration to data protection and information security requirements.

SVA uses an access control system where employees only receive permissions which are strictly necessary for the performance of their duties.

Regular internal audits are conducted to measure the effectiveness of implemented data protection and information security controls. Those audits further ensure that requirements are observed by employees, weaknesses are identified, and corrective measures are implemented to ensure continuous improvement.