1. Table of Contents
- Table of Contents
- The enterprise
- Aims of Erwin Junker Maschinenfabrik GmbH in information security
- Procedure and methodology
- Role of the information security officer (ISO)
- Role of the data protection officer (DPO)
- Expectations of partners and suppliers
Erwin Junker Maschinenfabrik GmbH sees it as its core task to permanently provide its customers with high quality products and services. Among other things, this task requires sensitive handling of all confidential information. It is therefore the goal to protect information as important assets in an appropriate manner with regard to confidentiality, availability and integrity.
For a safe and reliable supply, Erwin Junker Maschinenfabrik GmbH will continuously develop the tasks and processes as well as the information systems required for this through appropriate measures.
This goal is sustainably supported by the information security management system (ISMS) according to the requirements of the international TISAX standard, which is based on ISO/IEC 27001. In order to maintain the effectiveness of the ISMS, it is continuously evaluated, monitored and improved as necessary. For this purpose, Erwin Junker Maschinenfabrik GmbH has implemented a comprehensive security strategy.
For Erwin Junker Maschinenfabrik GmbH, information security is a matter for all employees and departments. The management is responsible for information security and thus also for the ISMS.
The management undertakes to provide sufficient resources for establishing and operating the ISMS and to support its ongoing operation.
Every employee in the area of application is obliged to adhere to the rules of information security and is requested to contribute to its further development by pointing out potential improvements.
3. The enterprise
Erwin Junker Maschinenfabrik GmbH develops, produces and sells high-precision grinding machines for metalworking as well as filter systems for industrial air cleaning.
As an owner-managed company, Erwin Junker Maschinenfabrik GmbH is one of the world's pioneers in mechanical and plant engineering - a strong partner for customers who want to benefit from tailor-made solutions, competent advice, financing models and uncompromising service at the same time.
4. Aims of Erwin Junker Maschinenfabrik GmbH in information security
Our employees process, transport, save, check, evaluate and archive data and information for our customers and ourselves every day. The following security goals must be achieved:
- Dealing with information security risks
Erwin Junker Maschinenfabrik GmbH gives prevention of information risks a high priority and thus avoids financial damage and loss of reputation.
- Protection goals
The confidentiality, integrity and availability of information and data of Erwin Junker Maschinenfabrik GmbH and its customers, service providers and suppliers are guaranteed.
- Information security as part of daily work
The service processes are designed to be transparent and secured by the security organization (ISMS).
- Risk-based approach to minimize risks
Information security risks are identified and assessed. Taking economic efficiency into account, suitable measures are developed and established to limit risks to an acceptable level.
All security-related activities are carried out in accordance with legal requirements, standards and best practices. The corresponding responsibilities are defined.
- Guarantee of compliance with the contractual relationship
All agreements are transparent to the affected company departments and the employees responsible for them, as well as to external and internal service providers.
- Information security requirements
The necessary level of information security is derived from the business requirements. Project managers and other responsible employees proactively define these requirements in their area of activity with the involvement of the information security officer (ISO).
5. Procedure and methodology
The goals named above are achieved by implementing and operating an information security management system (ISMS) in accordance with the TISAX standard.
As part of the ISMS, all information security risks that threaten the above-mentioned goals with regard to the company's information assets are managed. For this purpose, a risk management process is operated that focuses on the protection of information assets.
6. Role of the information security officer (ISO)
The ISO of Erwin Junker Maschinenfabrik GmbH is the contact person for questions about information security and is responsible for the development and fulfillment of the requirements of the information security concept.
Information security-relevant incidents (ISVs) are controlled by the ISO, who can delegate them to the appropriate specialist department.
7. Role of the data protection officer (DPO)
The DPO of Erwin Junker Maschinenfabrik GmbH is the contact person for all questions relating to the protection of personal data.
He reports directly to the management and is commissioned by them to determine the level of maturity of data protection, to control the data protection processes and to advise on their improvement. He advises the management on all issues relating to data protection and must always be involved in important decisions relating to data protection.
8. Expectations of partners and suppliers
Erwin Junker Maschinenfabrik GmbH expects the relevant infrastructure and protective measures of its partners and suppliers, as well as those of their subcontractors, to be state of the art and to take into account operational processes and information security issues. The employees of the partners and suppliers as well as their subcontractors are adequately trained and sensitized in this regard.
Erwin Junker Maschinenfabrik GmbH reserves the right to check this in consultation with the supplier by means of audits in a suitable form.