Information Security Policy

Updated 2025.01.15

1. Goal

At re.alto-energy, we prioritise the privacy and security of our customers’ data, as well as the resilience and reliability of our cloud services. Our developments and operations are designed with Information security in mind. Our goal is to ensure uninterrupted business operations and minimise the risk of harm by preventing security incidents and reducing their potential impact. The goal is also to protect all information (data) against all internal, external, intentional or accidental threats. For this reason, an extensive Information Security Management System (ISMS) has been established and is regularly reviewed for effectiveness and adequacy.

Through this information security policy, the management assumes overall responsibility.

2. Importance of information security

The successful planning, implementation and support of IT environments and complex projects for customers implies fast, secure and up-to-date access to information on which the success of our company depends. Misuse of this information not only damages our image and reputation, but can also result in legal consequences and claims for damages. Accordingly, this misuse must be prevented.

Functioning information technology and security-conscious handling of it are essential prerequisites for our daily work processes and the trust of our customers and business partners. For this reason, re.alto-energy is the proud owner of an ISO/IEC 27001 certification.

3. Safety goals and core elements of the safety strategy

Our goal is to achieve the highest possible level of information security and to minimise remaining risks.

To achieve this goal, we aim to ensure that the following information security aspects are achieved:

  • Protecting information against all unauthorised access
  • Ensuring the confidentiality of information
  • Ensuring the integrity of information
  • Ensuring the availability of information
  • Meeting legislative and regulatory requirements for the information security system
  • Develop, manage and test contingency plans
  • Providing and conducting information security awareness education and privacy training for all employees
  • Report and investigate actual or suspected information security breaches to the ISMS team
  • Reporting and investigating actual or suspected data breaches to the Data Protection Officer

4. Organisational structure

To achieve the security objectives, an information security officer (ISB for short) and an ISMS team are appointed. The ISB and the ISMS team are responsible within re.alto-energy for creating and updating the security concept and for maintaining the security level. In their function, they report directly to the general management.

The ISMS team is provided with sufficient financial and time resources by the management to carry out its activities and is adequately supported by both the management and the staff of re.alto. They are involved in all projects at an early stage in order to take security-relevant aspects into account already in the planning phase. The same applies if personal data is involved. Employees must comply with the instructions of the ISMS team on security-relevant issues. The data protection officer (DPO for short) is part of the ISMS team and is responsible for information security together with the ISB.

The ISMS team is responsible for

  • escalation of any risks to management
  • advising employees on information security issues
  • the training of staff with regards to information security

Contact Us

Don’t hesitate to contact us if you have any questions.

Security Policy - ISO27001 Certificate