Information security at viridicon AG

Target

Today, the viridicon group of companies offers a wide range of expertise in all areas of information technology. The departments are dedicated contact partners who act in accordance with the individual needs of our customers. We implement solutions for network technology and IT security, such as backup and firewall systems, as well as a wide range of server services and classic system solutions, including in the field of telephony. Furthermore, the viridicon group also specialises in providing advice on information security and data protection. In addition to the central location in Fulda, viridicon AG also has locations in Hamburg and Cuxhaven.

viridicon datacenter GmbH is a subsidiary of viridicon AG and bundles the required server systems in a company-owned data centre. As a cloud service provider, it offers flexible and scalable cloud solutions for all company sizes and industries. The range of services includes housing and hosting of customer infrastructure.

 

The services provided by viridicon AG, ranging from maintenance, support and training to the development of digitalization solutions, round off the customer service.

One aim is to deliver innovative, high-quality services and products, because providing flawless and reliable solutions, including proof of quality and safety levels, is not only a customer requirement, but also ensures a clear competitive advantage.

The management of viridicon AG has therefore adopted an information security management system (ISMS), a data protection management system (DSMS) and a quality management system (QMS). The viridicon Group is certified according to ISO 27001 and ISO 9001.

The management is committed to establishing, maintaining and constantly improving quality, information security and data protection requirements throughout the viridicon Group in order to offer customers added value and therefore maintain a competitive advantage.

Scope of application

In principle, the guidelines on information security and data protection apply to all employees of viridicon AG. No exceptions are made.

ISMS application area

The ISMS of viridicon AG defines the processes to protect information, regardless of its origin, with regard to its confidentiality, availability and integrity. This also improves the processes of our service delivery. Each customer thus gains direct added value in terms of information security.

ISMS targets

By establishing and improving the ISMS, viridicon AG pursues the following objectives:

 

Requirements-based

As an IT service provider, we advise our customers on a wide range of issues, establish systems and exchange sensitive information. The solutions must fulfil customer requirements, be data protection compliant and secure in order to reduce risks and maximise benefits. IT services must work when they are needed. We therefore attach great importance to availability, which is certified by TÜV.

Transparency

We take responsibility for our actions. This also includes knowing the applicable laws and regulations and complying with them. This also minimises risks for us and our customers.

Confidence

Successful, long-term cooperation is only possible with a solid relationship of trust. This applies to our customers, suppliers and employees. We want to strengthen trust by offering services that are high-quality and also safe. Measures are taken to ensure the confidentiality and integrity of all customer and company data.

Cooperation

Digitization is progressing steadily. Some issues are becoming increasingly complex. Projects for the implementation of solutions are therefore becoming more and more demanding. Thanks to a well-established team and expertise in several business areas, we are able to achieve extraordinary things. In doing so, insights and knowledge are shared and used to proactively support customers in the long term.

Culture

By creating a culture of safety and quality in the company, potential damage caused by improper behaviour can be proactively countered. We keep our knowledge up to date. We ensure this through ongoing awareness raising, external audits, adapted training courses and certifications.

Improvement

All management systems of viridicon AG are continuously improved by means of a control system, in line with legal requirements and current standards.

Organisation

Under this guideline, the management is the client for the ISMS. It is represented by the management. It is primarily responsible for information security. It therefore determines the content of the ISMS in cooperation with the Information Security Officer (ISO) and the Data Protection Officer (DPO). In addition, it determines the content of the regulations based on the ISMS.

The ISO is the key expert for information security in an organisation. From the beginning of the implementation, the ISO must be integrated into the requirements management. This is the only way to effectively address security-related issues. The same applies to personal data for the DPO.

The DPO has an advisory function on data protection for all parts of the company. In doing so, he pays particular attention to compliance with the legal requirements of the General Data Protection Regulation (GDPR) and draws attention to data protection laws.

Continuous improvement

An important task of the ISO is the continuous improvement and adaptation of information security to new framework conditions and/or new technical possibilities. The exchange between the ISO and the IT department must therefore be organised as needed. In addition, the ISO should inform the IT department separately about new topics and trends in IT security.

The ISO has the task of finding out about trends in IT security and assessing whether they make economic sense for the company.

Users are encouraged to report possible improvements or identified vulnerabilities to the ISO. To check the effectiveness of the ISMS, the ISO will randomly check the technical and organisational measures and the organisation of the ISMS at least once a year and document this accordingly.

Explanation

The Executive Board of viridicon AG hereby adopts the information security policy as part of its corporate strategy.

The Management Board supports the objectives and principles of information security in line with the business strategy and business objectives.

By establishing an Information Security Management System (ISMS) and providing the necessary resources, the Executive Board creates the opportunities to achieve the objectives of the ISMS. As the highest authority of the ISMS, the Executive Board actively contributes to the success of the ISMS.

In its business activities, viridicon AG relies substantially on the availability of information and increasingly on the proper functioning of its information systems. Information processing and digitization are becoming increasingly important in the economy. Networking within the company, and also with customers and suppliers, significantly supports the provision of services. Failures of core systems can cause economic damage as well as damage to the reputation of viridicon AG after only a short period of time.

Information security creates the necessary trust, both internally and with customers and partners, to drive digitalisation forward and address the resulting risks. For this reason, the related legal, technological and organisational matters are actively pursued by the Executive Board or by the persons it appoints for this purpose.

The objectives of the ISMS are derived from the principles of viridicon AG.

Operational objectives are assigned to the strategic objectives of the ISMS. These are measured annually using key figures:

 

  1. Protection of the company’s assets
    • Avoidance of unplanned downtime of central IT services
    • Preventing financial damage from cybercrime
  2. Confidential handling of business documents and information
    • Protection of confidentiality of information
  3. Compliance with IT security and data protection standards
    • Establishment of a state-of-the-art IT security level
  4. Further development of the company with regard to information security
  5. Staff awareness training
  6. Continuous improvement of the ISMS and security measures