In order to achieve its business goals and to comply with legal and contractual requirements, Braid Amsterdam protects sensitive business information (including information from customers and personal data that have been entrusted to us) to the best of its ability. We strive to protect sensitive business information from all internal, external, intentional and unintentional threats that could harm the confidentiality, integrity or availability of that information. All employees of the Braid Amsterdam group are responsible for the implementation of this policy and have the support of Braid Amsterdam Management for this.
- Handle sensitive company information according to company policy and manage it in a secure manner to prevent unwanted disclosure, alteration or loss
- identify and report deficiencies and incidents in the security of information.
Moreover, Braid Amsterdam Management sees to it that:
- information security risks are continuously monitored and measures are taken to reduce these risks to acceptable levels;
- information security procedures and work instructions are developed, communicated and complied with and relevant work is documented;
- information security is embedded in the organization and information security tasks are performed by qualified personnel or outsourced to qualified third parties;
- personnel are informed of legal and contractual requirements with regard to information security and are trained in recognizing the risks in handling personal information and in the use of e-mail and internet;
- sensitive business information is only made available and accessible to authenticated and authorized personnel when and where necessary for business purposes;
- IT systems, networks and infrastructures that process sensitive business information have low complexity, are designed with security as a starting point and are properly protected and managed;
- information security incidents and weaknesses are treated in a structured way and used to continuously improve our security position;
- independent audit and assessment have been introduced and are being used to continually improve critical business processes and the security of information;
- for products, services and tasks originating from or outsourced to third parties, the security of sensitive business information is contractually guaranteed and meets the legal requirements;
This policy has been approved by the CEO; it will be reviewed and updated annually in the event of changes in applicable legislation or the risk landscape, so that it continues to support our ability to serve our customers safely.