Unique is committed in its dedication to the ongoing improvement of our Information Security Management System (ISMS) and Quality Management System (QMS), proactively adapting to evolving circumstances. This commitment guarantees robust protection for our customers' sensitive information. Furthermore, it significantly reduces Unique's risk exposure. Through obtaining external certifications, we bolster trust in our brand and product offerings. This enables our partners and customers to efficiently validate the secure and responsible management of their data.
Protection principle
Confidentiality, availability, and integrity of information must be ensured according to the requirements defined by the customers.
Responsibility
All users of ICT services and processes are responsible for security. The requirements for protection are defined by the information owner.
Access
The principle of "need-to-know" and “least privilege” applies. Each user may only have access to the data that they need to fulfil their respective tasks.
Documentation
All security requirements and measures as well as any deviations from them must be documented.
Awareness
Every Unique employee must be aware of the risks associated with the use of information technology and be informed accordingly.
Privacy
When collecting and processing information, the necessary protection must be considered to maintain data privacy. In particular, the legal requirements in this regard must be complied with.
Management of company assets
The company assets (information, infrastructure, applications, etc.) must be identified and documented. Special attention must be paid to the protection of information assets, which is determined based on the classification concept by the data owner.
ICT Continuity planning
Recovery plans and processes must be in place for the critical applications and tested regularly to ensure they are up to date and fit for purpose.
Risk Management
ICT security is based on a risk-based approach that is tailored to the needs of the business processes. A process-oriented ICT security management system regularly identifies deviations and violations of the guidelines. For this purpose, suitable metrics are defined to report on the effectiveness of the measures.
Success control and continuous improvement
The effectiveness of the measures implemented is checked using suitable metrics and continuously improved as required in accordance with the Deming cycle (plan-do-check-act).
The entire life cycle of the information must be considered, from creation, processing, storage, transmission, archiving, and deletion to disposal/destruction.
Security moments
Sharing good or bad experiences with security and data protection in the daily huddle of Unique, that employees have learned or seen which relates to security. There is also an open special interest group (SIG) to share and communicate in case of security-relevant topics.
Author |
|---|