Data security


Our work and business processes are largely based on IT solutions. The security of our information systems is thus a top priority, because we know that inadequately protected data harbors the risk of growing vulnerability and economic harm. We aim to provide reliable systems for the Group and for our partners at all times in order to ensure that we can all continue to operate undisturbed.

When securing our IT systems, we focus on the three underlying principles of information security:

  • Confidentiality: business and personal data are protected against unauthorized access.
  • Integrity: when data are processed electronically, business and personal data can neither be changed (either by unauthorized persons or unintentionally) nor falsified.
  • Availability: IT systems are available in accordance with agreed specifications.

To ensure that our IT systems are secure, the Information Security Committee, a sub-committee of the IT Board, has defined guidelines and procedures based on ISO 27002. In addition, Group Risk Management, IT Audit, Data Protection and Corporate Security monitor and assess IT risk on an ongoing basis.

Examples of security measures:

  • Employees are granted access to our systems and data only to the extent to which it is required to perform specific tasks.
  • IT systems and data are backed up on a regular basis, and critical data are replicated in the data centers.
  • To ensure that our IT systems are constantly available, we design them to protect against complete system failures and operate data centers at different geographical locations around the world. All of our software is updated regularly to address bugs and close potential gaps in security.