1 Introduction

    1.1 Scope
    This Information Security Policy applies to the entirety of InfoGuard. All InfoGuard employees, as well as external staff and suppliers who access and process information concerning InfoGuard and its clients, are required to adhere to the following security principles and the related policies and procedures.

    2 Information Security Goals

    InfoGuard's information security goals include the following:

    • Preservation and strengthening of InfoGuard's trustworthiness towards its clients, partners and employees.
    • Compliance with legal, regulatory, industry and internal requirements during data processing.
    • Protection of the personality and privacy of data subjects.
    • Protection of sensitive information such as client data, employee data and intellectual property from unauthorized access, deletion, manipulation and destruction.
    • Ensuring the confidentiality, integrity and availability of critical business processes and underlying information assets.
    • Management of operational security risks concerning the processing of sensitive information regarding InfoGuard, its clients, employees and business partners.

    3 Information Security Principles

    3.1 Commitment
    InfoGuard is committed to the implementation of the stated information security goals and the applicable controls from ISO/IEC 27001:2013 Annex A.

    3.2 Compliance
    When processing data, InfoGuard adheres to the applicable legal, regulatory, industrial and internal requirements and to widely recognized information security standards.

    3.3 Economic efficiency
    The cost of information security measures should not exceed their contribution to reducing the identified information security risks. In addition, the restriction of business activities caused by implemented information security measures should be kept to a minimum.

    3.4 Information security management system (ISMS)
    InfoGuard has implemented an information security management system. The ISMS is used to mitigate risks related to information processing and defines measures to protect InfoGuard's information security posture. The ISMS adheres to the widely recognized security standard ISO 27001 and has to be documented appropriately.
    InfoGuard is committed to continuously improving its ISMS.

    3.5 Responsibilities
    All internal and external personnel with access to client data and other sensitive data from InfoGuard play their part in protecting the processed information within their area of responsibility. All internal and external personnel comply with the outlined information security principles and the related policies and procedures.
    Security awareness is a vital component of InfoGuard's culture. All employees are personally committed to campaigning for our security principles in their day-to-day work.