Security Policy

Updated 15.02.2022

1. Goal

The goal of information security is to ensure business operations and minimise the risk of harm by preventing security incidents and reducing their potential impact. The goal is also to protect all personal information against all internal, external, intentional or accidental threats. For this reason, an Information Security Management System (ISMS) has been established and is regularly reviewed for effectiveness and adequacy.

Through this information security policy, the management assumes overall responsibility.

2. Importance of information security

The successful planning, implementation and support of IT infrastructures and complex projects for customers implies fast, secure and up-to-date access to information on which the success of our company depends. Misuse of this information not only damages our image and reputation, but can also result in legal consequences and claims for damages. Accordingly, this misuse must be prevented.

Functioning information technology and security-conscious handling of it are essential prerequisites for our daily work processes and the trust of our customers and business partners.

3. Safety goals and core elements of the safety strategy

Our goal is to achieve the highest possible level of information security and to minimise remaining risks.

To achieve this goal, we aim to ensure that the following information security aspects are achieved:

• Protecting information against all unauthorised access
• Ensuring the confidentiality of information
• Ensuring the integrity of information
• Ensuring the availability of information
• Meeting legislative and regulatory requirements for the information security system
• Develop, manage and test contingency plans
• Providing and conducting information security awareness education and privacy training for all employees
• Report and investigate actual or suspected information security breaches to the ISMS team
• Reporting and investigating actual or suspected data breaches to the Data Protection Officer

4. Organisational structure

To achieve the security objectives, an information security officer (ISB for short) and an ISMS team are appointed. The ISB and the ISMS team are responsible for creating and updating the security concept and for maintaining the security level. In their function, they report directly to the management.

The ISMS team is provided with sufficient financial and time resources by the management to carry out its activities. The ISMS team shall be adequately supported by the management as well as by the employees and shall be involved in all projects at an early stage in order to take security-relevant aspects into account already in the planning phase. The same applies if personal data is involved. Employees must comply with the instructions of the ISMS team on security-relevant issues. The data protection officer (DPO for short) is part of the ISMS team and is responsible for information security together with the ISB.

The ISMS team is responsible for

• escalation of any risks to management
• advising employees on information security issues
• the training of employees with regards to information security

Contact Us

Don’t hesitate to contact us if you have any questions.

• Via Email: info@realto.io
• Via Phone: +32 2891 8072
• Via this Link: https://realto.io/contact/