Skip to content
Jump to navigation
Jump to footer

General Information Security Policy

Besuchen Sie für mehr Information und Zugang zu unseren Zertifikaten unser Trust Center.

Visit our Trust Center for more information and access to our certificates.

Protecting the company's information and IT assets (including but not limited to all computers, mobile devices, network equipment, software and sensitive data) from all internal, external, deliberate or accidental threats, and mitigating the risks associated with theft, loss, misuse, damage or destruction of these systems.

Ensuring that information is protected from unauthorized access. Users may only access assets for which they hold specific access authorization. The assignment of privileges must be strictly controlled and regularly reviewed.

Protecting the CONFIDENTIALITY of information. Confidentiality refers to safeguarding information from disclosure to unauthorized parties.

Ensuring the INTEGRITY of information. Integrity refers to protecting information from unauthorized modification.

Maintaining the AVAILABILITY of information for business processes. Availability refers to ensuring that authorized parties can access information whenever required. Complying with, and wherever possible exceeding, national legal and regulatory requirements, standards and best practices.

Continuously improving the information security management system through the implementation of corrective measures that enhance its effectiveness.

Developing, maintaining and testing business continuity plans to ensure that we stay on track regardless of any obstacles we may encounter — keeping calm and carrying on.

Raising awareness of information security by providing information security training for all employees. Security awareness and targeted training must be carried out consistently, responsibility for security must be reflected in job descriptions, and compliance with security requirements must be expected and embraced as part of our culture.

Ensuring that no action is taken against employees who disclose an information security issue by reporting it or by contacting the Information Security Management Lead directly, unless such disclosure clearly indicates an illegal act, gross negligence, or repeated deliberate disregard of regulations or procedures.

Report all actual or suspected information security incidents to informationssicherheit@oee.ai or via the linked form.