Information Security Policy
Overview
The Actonic Products GmbH Information Security Policy was compiled in accordance with the ISO27001 Information Security Management System standard. The Policy outlines a systemic approach to the process of managing sensitive third-party data and information in relation to the Actonic Products family of products.
Note that the term “data” is used in this document to indicate both data (plural and singular), as well as the information that data represents.
Objective
The objective of this Policy is to establish the process and procedures aimed at protecting sensitive third-party data.
Process
At a high level, Actonic Products GmbH will ensure that the following process is in place:
Identify, for each product, what sensitive data is being stored.
Clarify how sensitive the data is stored, breaking it down into sections as granular as required.
Actively avoid storing sensitive data wherever possible.
Where sensitive data must be stored, ensure it is stored in the most secure sections of our infrastructure and will not be transferred to less secure sections (unless under appropriate encryption during transit).
Where sensitive data is managed by a third party, ensure that party implements robust security policies, and actively check that those policies are updated and enforced.
Actively review internal code for security vulnerabilities and ensure understanding of the process to follow when any are found.
Actively review any external code in use for security vulnerabilities and ensure understanding of the process to follow when any are found.
Responsibility
The roles of senior staff in relation to sensitive data are:
Continuous review of the implementation of this policy - CEO
Risk identification and analysis - CTO
Instilling a culture of security awareness in the company - CEO
Communication and review following a breach - CEO
Reviews
Review of this Policy and its enforcement - Annually
Security Risk Review - Quarterly