The importance of information security to us
As a consulting firm specializing in information and IT security, HEURECON relies heavily on our clients’ trust in our professional handling of the information entrusted to us. Our performance in this regard depends both on the sensitive and careful handling of information by every single employee at HEURECON and on the information and telecommunications technology, along with the associated data and systems. It is therefore of the utmost importance to ensure information security at an appropriate level and in accordance with the state of the art.
Through this policy statement, we express the management’s positive attitude, interest, and sense of responsibility regarding information security and data protection.
Our goals
Appropriate information security ensures the availability, integrity, confidentiality, and authenticity of the data we process and the information processing systems we operate or that are operated on our behalf under our supervision. These must be protected in such a way that
- they and the business processes that depend on them are available in accordance with requirements,
- the integrity of the data and systems is ensured,
- the confidentiality of processed information is maintained in an appropriate manner, and
- the authenticity (genuineness) of data, systems, and communication partners is guaranteed.
Based on these security objectives, we develop specific information security goals and regularly measure the achievement of these goals.
We consider it an important task to identify information security risks and control them through appropriate action, i.e., to reduce them to an appropriate level, avoid them, or transfer them. The legal and regulatory framework represents a minimum criterion for us in this context.
Our goal is not only to ensure information security at a risk-oriented level, but also to continuously improve it. To achieve this goal, we operate an information security management system (ISMS) in accordance with ISO/IEC 27001 in its currently valid version. In doing so, we ensure that all requirements of this standard are correctly implemented, that the information security objectives are aligned with the corporate objectives, and that the processes and protective measures within this information security management system are continuously improved.
In particular, we commit ourselves to:
- continuously reviewing, evaluating, and improving the information security-related performance of the company and the ISMS,
- providing the necessary resources to achieve strategic and operational objectives,
- promoting information security awareness among our employees through training, information, and setting an example through our own actions, and
- complying with applicable legal and other requirements regarding information security and data protection.
Further requirements and their binding nature
Further concepts, policies, and processes specify our information security management. The provisions set out in these documents are binding for all employees. Our management decides on necessary exceptions to the provisions in individual cases.
Negligent and intentional violations of the requirements may result in disciplinary and labor law measures.