{"id":6400,"date":"2023-03-23T16:59:31","date_gmt":"2023-03-23T15:59:31","guid":{"rendered":"https:\/\/www.drescher-consulting.de\/?page_id=6400"},"modified":"2025-10-31T17:41:07","modified_gmt":"2025-10-31T16:41:07","slug":"information-security","status":"publish","type":"page","link":"https:\/\/www.drescher-consulting.de\/en\/information-security\/","title":{"rendered":"Information security"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\">Information security<\/h1>\n\n\n\n<style>\n  .content-wrapper {\n    max-width: 900px;\n    margin: 0 auto;\n    padding: 0 1rem;\n  }\n\n  \/* Kontakt Box *\/\n  .kontakt-box {\n    background-color: #f5f5f5;\n    border: 1px solid #dcdcdc;\n    border-radius: 4px;\n    padding: 1.5rem;\n    margin-bottom: 2rem;\n  }\n\n.main-section {\n  padding: 1 rem 0;\n  border-top: 1px solid #dcdcdc;\n}\n.main-section:first-of-type {\n  border-top: none; \/* Die erste Sektion soll oben keine Linie haben *\/\n}\n\n  \/* Nummerierung vor \u00dcberschrift *\/\n  .main-section > h2[data-number]::before {\n    content: attr(data-number) \" \";\n  }\n\n  .sub-section > h3[data-number]::before {\n    content: attr(data-number) \" \";\n  }\n\n  \/* Quadratische Bullets *\/\n  .content-wrapper ul {\n    list-style-type: square;\n    margin: 0 0 1.2rem 1.5rem;\n    padding: 0;\n  }\n  .content-wrapper li {\n    margin-bottom: 0.4rem;\n  }\n\n  a:hover {\n    text-decoration: underline;\n  }\n<\/style>\n\n<div class=\"content-wrapper\">\n\n  <!-- Kontaktbereich -->\n  <div class=\"kontakt-box\">\n    <h1>Information security<\/h1>\n    <h2>Responsible for the information security:<\/h2>\n    <p>\n      Drescher Consulting GmbH<br>\n      Jahnstr. 12<br>\n      70597 Stuttgart\n    <\/p>\n\n    <h3>Contact details of our information security officer:<\/h3>\n    <p>\n      E-Mail: <a href=\"mailto:security.information@drescher-consulting.de\">\n      security.information@drescher-consulting.de<\/a>\n    <\/p>\n  <\/div>\n\n  <div class=\"main-section\">\n    <h1>Company guideline on information security<\/h1>\n    <p> The company guideline describes the policy and strategy of Drescher Consulting GmbH regarding information security. The aim is to define the purpose, orientation, principles and basic rules for the employees of Drescher Consulting GmbH regarding information security, which is presented in the information security management system.<\/p>\n  <\/div>\n\n  <div class=\"main-section\">\n    <h2 data-number=\"1.\">Scope of application<\/h2>\n    <p>\n      The scope of the Drescher Consulting GmbH information security system and all \nassociated information security guidelines extends to the entire company at the \nStuttgart site and all business processes. This also includes all mobile activities of \nglobally deployed employees, including all project offices in customer offices.\n <\/p>\n    \n<p>\n      The company guidelines for information security and the information security \nguidelines of Drescher Consulting GmbH are presented and managed in Wiki cloud system \u2018Qwiki\u2019) as an ISMS. They are a request and obligation for legally compliant behaviour and a responsible handling of the information security infrastructure of Drescher Consulting GmbH for all those who use this infrastructure. They are made known to all employees, customers, partners and, if applicable, other persons or institutions, i.e. all interested parties, in an appropriate manner.<\/p>\n  <\/div>\n\n  <div class=\"main-section\">\n    <h2 data-number=\"2.\">Interested parties<\/h2>\n    <p>Interested parties of the company are:<\/p>\n    <ul>\n      <li>Shareholder<\/li>\n      <li>Management<\/li>\n      <li>Clients<\/li>\n      <li>Suppliers<\/li>\n      <li>Employees<\/li>\n      <li>Legislator<\/li>\n      <li>Authorities without BSI, BNetzABSI<\/li>\n      <li>BSI<\/li>\n      <li>BNetzA<\/li>\n      <li>Business partners<\/li>\n      <li>Competitors<\/li>\n    <\/ul>\n  <\/div>\n\n  <div class=\"main-section\">\n    <h2 data-number=\"3.\">Information security policy<\/h2>\n    <p>\n      Information is one of Drescher Consulting GmbH&#8217;s most important assets. Information is available in various forms: as paper, e-mail, spoken word or know-how and especially in digital form in connection with information-processing IT systems. \n    <\/p>\n    <p>\n      As a consulting company, Drescher Consulting GmbH is therefore dependent on modern information and communication technology to carry out its business processes, to provide services for its customers and to be able to work together with customers and business partners. The information processing IT systems should therefore always be available.\n    <\/p>\n  <\/div>\n\n  <div class=\"sub-section\">\n    <h3 data-number=\"3.1.\">Compliance with legal regulations and contractual requirements<\/h3>\n    <p>\n      In addition, there are obligations to ensure information security and data protection based on laws such as the German Data Protection Act (DSGVO) and contractual obligations towards customers, employees and project partners.\n    <\/p>\n  <\/div>\n\n  <div class=\"sub-section\">\n    <h3 data-number=\"3.2.\">Importance of information security<\/h3>\n    <p>\n     The protection of information and the information and communication infrastructure of Drescher Consulting GmbH against misuse, manipulation, disruption and the protection of stored and processed information against manipulation or spying &#8211; in short: information security &#8211; is therefore of existential importance to Drescher Consulting GmbH. \n    <\/p>\n    <p>\n      Drescher Consulting GmbH sees information security as an essential customer service that protects the confidentiality of information and ensures the availability and integrity of our processes and services.\n    <\/p>\n  <\/div>\n\n  <div class=\"main-section\">\n    <h2 data-number=\"4.\">Information security guidelines <\/h2>\n    <p>\n      Utilizing the potential of a functioning information security management system is an important task for maintaining competitiveness and supports the company&#8217;s strategic goals with regard to information security. For this reason, the management of Drescher Consulting GmbH has adopted the following points for the handling of Drescher Consulting GmbH\u2019s information technology. In addition, the company&#8217;s ISMS contains a large number of guidelines for ensuring information security.\n    <\/p>\n  <\/div>\n\n  <div class=\"sub-section\">\n    <h3 data-number=\"4.1.\">Information security objectives and measures to maintain information security<\/h2>\n    <p>The objectives of information security are to secure sustained business success and continuous business operations. Ensuring information security is therefore in Drescher Consulting GmbH\u2019s own interests, but also in the interests of its interested parties, such as customers, employees, suppliers and business partners. In order to ensure information security to the greatest possible extent, it is necessary to manage appropriate security measures, taking into account a wide range of risks.\n<\/p>\n    <ul>\n<li>Drescher Consulting GmbH protects its own ability to work, trustworthiness and reliability: Protection of reputation.<\/li>\n<li>Drescher Consulting GmbH protects the confidentiality of the processed and stored information of its customers, business partners and employees.<\/li>\n<li>Drescher Consulting GmbH protects confidential information such as business processes, contract data or other business secrets.<\/li>\n<li>Drescher Consulting GmbH guarantees the availability of its IT systems, programs and information.\n<li>Drescher Consulting GmbH protects the integrity of its IT systems, programs and information.<\/li>\n<li>Drescher Consulting GmbH prevents the misuse of its IT systems, programs and information against improper use, use by unauthorized persons.<\/li>\n<li>Drescher Consulting GmbH protects the customer information it receives and processes against misuse, third-party use and unauthorized access.\n<\/li>\n    <\/ul>\n  <\/div>\n\n  <div class=\"sub-section\">\n    <h3 data-number=\"4.2.\">Protective measures<\/h3>\n    <p>The protective measures include:<\/p>\n    <ul>\n      <li>technical measures (software, hardware, configuration) <\/li>\n  <li>organizational precautions (binding rules and guidelines) <\/li>\n  <li> personnel measures (training, employee selection) <\/li>\n    <\/ul>\n <p>The protective measures are set out in several processes and guidelines within the Drescher Consulting GmbH wiki system (Qwiki) and must be followed by all employees.<\/p>\n  <\/div>\n\n  <div class=\"sub-section\">\n    <h3 data-number=\"4.3.\">Organizational structure and responsibility<\/h3>\n    <p>\n      Achieving, maintaining and continuously improving an appropriate level of information security requires the ongoing commitment of all persons involved in information processing, such as management, users and administrators of IT systems (as well as quality management staff).\n    <\/p>\n  <\/div>\n\n  <div class=\"sub-section\">\n    <h3 data-number=\"4.4.\">Ongoing improvements<\/h3>\n    <p> The ongoing improvement of the targeted level of information security and data protection is ensured by continuously reviewing the regulations. This includes regular audits and effectiveness reviews with the help of KPIs. All employees are obliged to support the ISB in this task.<\/p>\n\n <p> The corporate guideline on information security is reviewed at regular intervals to ensure that it is up to date, effective and adjusted if necessary. In particular, the corporate guideline on information security is reviewed and adapted in the event of changes to the threat situation due to current events or the introduction of new technologies at Drescher Consulting GmbH. Irrespective of this, the corporate guideline, including all guidelines in the ISMS, is revised at least once a year.<\/p>\n  <\/div>\n\n  <div class=\"sub-section\">\n    <h3 data-number=\"4.5.\">Information security awareness training<\/h2>\n    <p> Through awareness-raising training and sensitization measures, the management and the responsible employees of Drescher Consulting GmbH ensure that new employees as well as existing employees are made aware of compliance with the corporate guideline on information security and the associated guidelines. Employees are made aware of information security issues and threats at regular intervals (at least once a year). Employees who have direct access to sensitive information are familiarized with the risks associated with information security and the measures for protection in internal or external training sessions. <\/p>\n  <p>External parties are also made aware of and informed about the corporate guideline on information security by the ISB if required.<\/p>\n  <\/div>\n\n  <div class=\"sub-section\">\n    <h3 data-number=\"4.6.\">Disciplinary measures<\/h3>\n    <p> The management and senior executives ensure that the information security guidelines are followed by all employees. Employees who violate these guidelines may be subject to appropriate sanctions. Serious violations of the information security principles may result in a warning or immediate dismissal of an employee.\n    <\/p>\n  <\/div>\n\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Information security Information security Responsible for the information security: Drescher Consulting GmbH Jahnstr. 12 70597 Stuttgart Contact details of our information security officer: E-Mail: security.information@drescher-consulting.de Company guideline on information security The company guideline describes the policy and strategy of Drescher Consulting GmbH regarding information security. The aim is to define the purpose, orientation, principles and&#8230;<\/p>\n<p class=\"more-link\"><a href=\"https:\/\/www.drescher-consulting.de\/en\/information-security\/\" class=\"\"><span>Read More<\/span><i>&#43;<\/i><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-6400","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.drescher-consulting.de\/en\/wp-json\/wp\/v2\/pages\/6400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.drescher-consulting.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.drescher-consulting.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.drescher-consulting.de\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.drescher-consulting.de\/en\/wp-json\/wp\/v2\/comments?post=6400"}],"version-history":[{"count":10,"href":"https:\/\/www.drescher-consulting.de\/en\/wp-json\/wp\/v2\/pages\/6400\/revisions"}],"predecessor-version":[{"id":9720,"href":"https:\/\/www.drescher-consulting.de\/en\/wp-json\/wp\/v2\/pages\/6400\/revisions\/9720"}],"wp:attachment":[{"href":"https:\/\/www.drescher-consulting.de\/en\/wp-json\/wp\/v2\/media?parent=6400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.drescher-consulting.de\/en\/wp-json\/wp\/v2\/categories?post=6400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.drescher-consulting.de\/en\/wp-json\/wp\/v2\/tags?post=6400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}