Cookies
Diese Website verwendet Cookies und ähnliche Technologien für Analyse- und Marketingzwecke. Durch Auswahl von Akzeptieren stimmen Sie der Nutzung zu, alternativ können Sie die Nutzung auch ablehnen. Details zur Verwendung Ihrer Daten finden Sie in unseren Datenschutz­hinweisen, dort können Sie Ihre Einstellungen auch jederzeit anpassen.

General Information Security Policy

Zweitag is committed to the measures described below to achieve its information security objectives:

  • Protecting the company's information and IT assets (including, but not limited to, all computers, mobile devices, network equipment, software, and sensitive data) from all internal, external, intentional, or accidental threats and mitigating the risks associated with theft, loss, misuse, damage, or corruption of these systems.
  • Ensuring that information is protected from unauthorised access. Users may only access the assets for which they have special access authorisation. The allocation of privileges must be strictly controlled and regularly reviewed.
  • Protection of the CONFIDENTIALITY of information. When we talk about confidentiality of information, we are talking about protecting the information from disclosure to unauthorised persons.
  • Ensuring the INTEGRITY of information. The integrity of information refers to the protection of information from modification by unauthorised persons.
  • Maintaining the AVAILABILITY of information for business processes. Availability of information refers to ensuring that authorised parties can access the information when required.
  • Complying with and, wherever possible, exceeding national legal and regulatory requirements, standards, and best practice.
  • Developing, maintaining, and reviewing business continuity plans to ensure the organisation stays on track despite any obstacles it may encounter. It's about 'keeping calm and carrying on'.
  • Raising awareness of information security by providing information security training to all employees. Security awareness and targeted training must be consistently delivered, responsibility for security must be reflected in job descriptions, and compliance with security requirements must be expected and accepted as part of our culture.
  • Ensure that no action is taken against employees who disclose an information security issue by reporting or directly contacting the Head of Information Security Management, unless such disclosure indicates beyond reasonable doubt an illegal act, gross negligence, or repeated wilful or deliberate disregard of regulations or procedures.
  • The board and management are committed to providing leadership and taking responsibility for the information security management system by establishing a strategic information security policy, providing necessary resources, ensuring integration into company processes, and communicating the importance of effective information security. They support all employees in its implementation, promote continuous improvement, and ensure that the system achieves its intended objectives.
  • The information security policy is appropriately aligned with the company's objectives, defines specific security objectives, commits to compliance with relevant requirements and to continuous improvement. It is communicated throughout the company as documented information and is available to relevant interested parties in an appropriate form.

All actual or suspected breaches of information security must be reported to security@zweitag.de.