Erwin Junker Maschinenfabrik GmbH

Information security

1. Table of Contents

  • Table of Contents
  • Preface
  • The Company
  • Objectives of Erwin Junker Maschinenfabrik GmbH in Information Security
  • Approach and Methodology
  • Role of the Information Security Officer (ISO)
  • Role of the Data Protection Officer (DPO)
  • Expectations for Partners and Suppliers

2. Preface

Erwin Junker Maschinenfabrik GmbH considers it its core task to provide its customers with consistently high-quality products and services. This task requires, among other things, a careful handling of all confidential information.

It is therefore the goal to protect information as a valuable asset appropriately with regard to confidentiality, availability, and integrity.

To ensure reliable and secure operations, Erwin Junker Maschinenfabrik GmbH continuously develops its tasks and processes, as well as the information systems required for them, through appropriate measures.

This objective is sustainably supported by an Information Security Management System (ISMS) in accordance with the international TISAX standard, which is aligned with ISO/IEC 27001. To maintain the effectiveness of the ISMS, it is continuously evaluated, monitored, and improved where necessary. For this purpose, Erwin Junker Maschinenfabrik GmbH has implemented a comprehensive security strategy.

Information security is a responsibility shared by all employees and departments at Erwin Junker Maschinenfabrik GmbH. The management bears responsibility for information security and thus also for the ISMS.

Management commits to providing sufficient resources for the establishment and operation of the ISMS and to supporting its ongoing operation.

Each employee within the scope of application is required to comply with the rules of information security and is encouraged to contribute to its further development by identifying areas for improvement.

3. The Company

Erwin Junker Maschinenfabrik GmbH develops, manufactures, and distributes high-precision grinding machines for metalworking as well as filtration systems for industrial air purification.

Erwin Junker Maschinenfabrik GmbH is one of the global leaders in machine and plant engineering—a strong partner for customers who seek customized solutions, expert consulting, financing models, and uncompromising service.

4. Objectives of Erwin Junker Maschinenfabrik GmbH in Information Security

Our employees process, transport, store, review, evaluate, and archive data and information every day for our customers and ourselves. The following security objectives must be achieved:

  • Handling Information Security Risks
    Erwin Junker Maschinenfabrik GmbH gives high priority to the prevention of information risks, thereby avoiding financial damage and reputational loss.
     
  • Protection Goals
    The confidentiality, integrity, and availability of information and data of Erwin Junker Maschinenfabrik GmbH and its customers, service providers, and suppliers are ensured.
     
  • Information Security as Part of Daily Work
    Service processes are designed transparently and secured through the security organization (ISMS).
     
  • Minimization of Risks Through a Risk-Based Approach
    Information security risks are identified and assessed. Appropriate measures are developed and implemented, considering cost-effectiveness, to limit risks to an acceptable level.
     
  • Compliance
    All security-relevant activities are carried out in accordance with legal requirements, standards, and best practices. Responsibilities are clearly defined.
     
  • Ensuring Compliance with Contractual Obligations
    Transparency of all agreements is ensured for affected departments, responsible employees, and both external and internal service providers.
     
  • Requirements for Information Security
    The required level of information security is derived from business requirements. Project managers and other responsible staff proactively define these requirements within their scope, in consultation with the Information Security Officer (ISO).

5. Approach and Methodology

The objectives described above are achieved by implementing and operating an Information Security Management System (ISMS) in accordance with the TISAX standard.

Within the ISMS, all information security risks that pose a threat to the company’s information assets are managed. For this purpose, a risk management system is operated with a focus on protecting information assets.

6. Role of the Information Security Officer (ISO)

The ISO of Erwin Junker Maschinenfabrik GmbH is the contact person for questions about information security and is responsible for the development and fulfillment of the requirements of the information security concept.

Information security-relevant incidents (ISVs) are controlled by the ISO, who can delegate them to the appropriate specialist department.

7. Role of the Information Security Officer (ISO)

The ISO of Erwin Junker Maschinenfabrik GmbH is the point of contact for all matters related to information security and is responsible for developing and fulfilling the requirements of the information security concept.

Information security-related incidents are monitored by the ISO and may be delegated by them to the appropriate department.

8. Expectations for Partners and Suppliers

Erwin Junker Maschinenfabrik GmbH expects that the relevant infrastructures and protective measures of its partners and suppliers, as well as their subcontractors, reflect the current state of the art, effectively support operational processes, and take information security requirements into account.

The service provider / supplier must:

  1. comply with the following rules (points 2 to 13) of Erwin Junker Maschinenfabrik GmbH within the scope of their activities and follow instructions.
  2. regulate and additionally monitor access to particularly sensitive information (all non-public business, financial, technical, legal, tax, and other information; including data, records, know-how, intentions, findings, experiences, project details, schedules, drawings, sketches, measurement results, descriptions, machine concepts, specifications, processes, ideas, samples, etc., unpublished intellectual property, and all other work results and trade and business secrets relating to Erwin Junker Maschinenfabrik GmbH or affiliated companies, regardless of how such information is made available).
  3. not reproduce any information provided (including data, data carriers, etc.) by photocopying or any other means.
  4. protect secure areas, distribution facilities, systems, and network components through appropriate access controls to ensure that only authorized personnel have access and unauthorized use is prevented.
  5. ensure appropriate monitoring of access control compliance.
  6. ensure that authorized users can only access information within their access rights and that information cannot be read, copied, modified, or removed without authorization during processing, use, or after storage (access control).
  7. ensure that information cannot be read, copied, modified, or removed without authorization during electronic transmission, transport, or storage, and that it can be verified where information is being transmitted (transfer control).
  8. ensure that it can be verified retrospectively whether and by whom information has been entered, modified, or removed (input control).
  9. ensure that information is protected against accidental destruction or loss (availability control).
  10. ensure that personnel are regularly trained on information security and data protection requirements, that this is documented, and that new personnel are vetted prior to deployment where necessary. Adequate resources must be planned to meet contractual information security requirements.
  11. only subcontract with prior consultation with Erwin Junker Maschinenfabrik GmbH, in compliance with these provisions, and subject to signing a confidentiality agreement accepted by the company.
  12. establish a suitable process to respond to and manage information security incidents appropriately and immediately report such incidents to Erwin Junker Maschinenfabrik GmbH. Data protection or information security incidents must be reported in writing without delay to security@junker.de.
  13. allow compliance with these rules to be audited by Erwin Junker Maschinenfabrik GmbH as needed and/or regularly.

Erwin Junker Maschinenfabrik GmbH reserves the right to adapt this information security policy as necessary.