Information Security Policy – Executive Summary

Aware of the stakes of our business, our activities, and also the requirements and expectations of our clients and prospects, we confirm our commitment to implementing a controlled and secure information systems policy. This policy aims to define security rules and ensure control of systems and information resources, as well as those of our clients. In this sense, we adopt the ISO 27001 standard and TISAX as a reference framework for security to:

  • Guarantee comprehensive risk management, in line with international standards.
  • Ensure that security action plans are carried out, thus facilitating other normative processes.

The foundations of our Information Systems policy:

  • Set up and maintain an infrastructure guaranteeing the reliability and availability of the computer services provided.
  • Integrate resources according to normative criteria (availability, integrity, and confidentiality).
  • Guarantee project management compliant with the current requirements of our partners.
  • Ensure the awareness of our employees to respect legal, regulatory, and normative requirements.
  • Ensure continuous improvement.

Our commitments:

  • Ensure the availability of resources and skills necessary to perform the services.
  • Define roles and responsibilities at all decision-making levels, regarding IT management and information systems security.
  • Define and implement management rules adapted to the assessed risks.
  • Set up bodies and monitoring systems to ensure compliance with our internal and external commitments.
  • Ensure compliance with regulatory, legislative, and contractual requirements established with our clients or other parties.
  • Ensure the implementation of detection and prevention measures adapted to information security risks.
  • Set up, test, and maintain business continuity and crisis management plans.
  • Regularly assess information security risks and ensure continuous improvement.

Our objective: Guarantee a reliable, secure, and available Information System.

The contact with authorities is the General Manager, who may involve other roles depending on the context, or delegate this mission to them.

This policy is of strategic importance and constitutes a major commitment to our clients and employees.

Together, let us support this policy.

NGBS Director