Information security
Responsible for information security:
Drescher Consulting GmbH
Jahnstr. 12
70597 Stuttgart
Contact details of our information security officer:
Company guideline on information security
The company guideline describes the policy and strategy of Drescher Consulting GmbH regarding information security. The aim is to define the purpose, orientation, principles and basic rules for the employees of Drescher Consulting GmbH regarding information security, which is presented in the information security management system.
Scope of application
The scope of the Drescher Consulting GmbH information security system and all associated information security guidelines extends to the entire company at the Stuttgart site and all business processes. This also includes all mobile activities of globally deployed employees, including all project offices in customer offices.
The company guidelines for information security and the information security guidelines of Drescher Consulting GmbH are presented and managed as an ISMS in the wiki cloud system (‘Qwiki’). They are a request and an obligation for legally compliant behaviour and responsible handling of the information security infrastructure of Drescher Consulting GmbH for all those who use this infrastructure. They are made known in an appropriate manner to all employees, customers, partners and, if applicable, other persons or institutions, i.e. all interested parties.
Interested parties
Interested parties of the company are:
- Shareholder
- Management
- Clients
- Suppliers
- Employees
- Legislator
- Authorities other than BSI and BNetzA
- BSI
- BNetzA
- Business partners
- Competitors
Information security policy
Information is one of Drescher Consulting GmbH’s most important assets. Information is available in various forms: as paper, e-mail, spoken word or know-how and especially in digital form in connection with information-processing IT systems.
As a consulting company, Drescher Consulting GmbH is therefore dependent on modern information and communication technology to carry out its business processes, to provide services for its customers and to work together with customers and business partners. The information-processing IT systems should therefore always be available.
Compliance with legal regulations and contractual requirements
In addition, there are obligations to ensure information security and data protection based on laws such as the German Data Protection Act (DSGVO) and contractual obligations towards customers, employees and project partners.
Importance of information security
The protection of information and the information and communication infrastructure of Drescher Consulting GmbH against misuse, manipulation, disruption and the protection of stored and processed information against manipulation or spying – in short: information security – is therefore of existential importance to Drescher Consulting GmbH.
Drescher Consulting GmbH sees information security as an essential customer service that protects the confidentiality of information and ensures the availability and integrity of our processes and services.
Information security guidelines
Utilizing the potential of a functioning information security management system is an important task for maintaining competitiveness and supports the company’s strategic goals with regard to information security. For this reason, the management of Drescher Consulting GmbH has adopted the following points for the handling of Drescher Consulting GmbH’s information technology. In addition, the company’s ISMS contains a large number of guidelines for ensuring information security.
Information security objectives and measures to maintain information security
The objectives of information security are to secure sustained business success and continuous business operations. Ensuring information security is therefore in Drescher Consulting GmbH’s own interests, but also in the interests of its interested parties, such as customers, employees, suppliers and business partners. In order to ensure information security to the greatest possible extent, it is necessary to manage appropriate security measures, taking into account a wide range of risks.
- Drescher Consulting GmbH protects its own ability to work, trustworthiness and reliability: Protection of reputation.
- Drescher Consulting GmbH protects the confidentiality of the processed and stored information of its customers, business partners and employees.
- Drescher Consulting GmbH protects confidential information such as business processes, contract data or other business secrets.
- Drescher Consulting GmbH guarantees the availability of its IT systems, programs and information.
- Drescher Consulting GmbH protects the integrity of its IT systems, programs and information.
- Drescher Consulting GmbH protects its IT systems, programs and information against misuse, improper use and use by unauthorized persons.
- Drescher Consulting GmbH protects the customer information it receives and processes against misuse, third-party use and unauthorized access.
Protective measures
The protective measures include:
- technical measures (software, hardware, configuration)
- organizational precautions (binding rules and guidelines)
- personnel measures (training, employee selection)
The protective measures are set out in several processes and guidelines within the Drescher Consulting GmbH wiki system (Qwiki) and must be followed by all employees.
Organizational structure and responsibility
Achieving, maintaining and continuously improving an appropriate level of information security requires the ongoing commitment of all persons involved in information processing, such as management, users and administrators of IT systems (as well as quality management staff).
Ongoing improvements
The ongoing improvement of the targeted level of information security and data protection is ensured by continuously reviewing the regulations. This includes regular audits and effectiveness reviews with the help of KPIs. All employees are obliged to support the information security officer (ISB) in this task.
The corporate guideline on information security is reviewed at regular intervals to ensure that it is up to date and effective, and it is adjusted if necessary. In particular, the corporate guideline on information security is reviewed and adapted in the event of changes to the threat situation due to current events or the introduction of new technologies at Drescher Consulting GmbH. Irrespective of this, the corporate guideline, including all guidelines in the ISMS, is revised at least once a year.
Information security awareness training
Through awareness-raising training and sensitization measures, the management and the responsible employees of Drescher Consulting GmbH ensure that new employees as well as existing employees are made aware of compliance with the corporate guideline on information security and the associated guidelines. Employees are made aware of information security issues and threats at regular intervals (at least once a year). Employees who have direct access to sensitive information are familiarized with the risks associated with information security and the measures for protection in internal or external training sessions.
External parties are also made aware of and informed about the corporate guideline on information security by the ISB if required.
Disciplinary measures
The management and senior executives ensure that the information security guidelines are followed by all employees. Employees who violate these guidelines may be subject to appropriate sanctions. Serious violations of the information security principles may result in a warning or immediate dismissal of an employee.
