The availability of relevant information is essential for the quality of work deliverables. terranets bw maintains a transparent information policy that must be combined with appropriate protection of information in accordance with state-of-the-art technology and know-how. To achieve this, suitable information security measures must be taken and continuously developed.
The aim is to protect information held by terranets bw from external and internal threats caused by intentional or accidental actions.
The subject matter of protective measures constitutes all information such as digital data on servers, mobile devices, removable storage media etc. that can be transmitted via networks, information in paper form, printed or handwritten, as well as information that can be passed on verbally or by telephone.
In order to ensure the protection of this information, terranets bw has introduced an Information Security Management System (ISMS) that is continuously updated and developed. For the application field “Network Control / Network Monitoring“ terranets bw will maintain regular certification based on the IT Security Catalogue standard pursuant to Section 11 (1a) of the Energy Industry Act (EnWG).
Securing reliable and continuous operation of critical infrastructures of the gas transmission system and the underground gas storage facilities is a central aim for ensuring the security of supply for natural gas in Baden-Württemberg and adjacent regions by terranets bw.
The Information Security Management System of terranets bw is based on the following principles:
The terranets bw management team strives to continually improve the ISMS and comply with legal, contractual and organisational stipulations.
All managers are directly responsible for implementing and complying with the principles of information security and the valid documents of the ISMS manual within their organisational units.
Every employee is responsible for complying with the principles of information security. The ISMS manual along with all other complementary guidelines, procedural instructions and process descriptions are binding for employees and managers and serve to ensure that the information security requirements are continually fulfilled. The regulations are therefore to be observed at all times. Should this not be possible in justified cases, a security incident is to be reported to the information security officer including the grounds for non-compliance in accordance with the process “Dealing with Security Incidents“. This process serves to initiate the continuous improvement process.
Non-compliance with information security regulations may lead to disciplinary steps under labour law.
Proprietary documentation serves to secure the value creation of terranets bw and is at all times generated, updated and stored under the principles of effectiveness and economic appropriateness (efficiency). In all cases, the requirements for steering documented information in the ISMS are to be observed.
The Information Security Officer exercises a central role in the ISMS of terranets bw. He or she is responsible, in particular, for initiating and maintaining the continuous improvement process pertaining to the ISMS as well as for providing regular training for employees and managers relating to the internal ISMS regulations needed.
The Information Security Officer of terranets bw is to be consulted in questions of interpretation and in cases of doubt.
terranets bw fulfils the requirements of the regulations set out in the IT Security Catalogue pursuant to Article 11 (1a) of the Energy Industry Act (EnWG) (08/2015).
In January 2018, a certification audit serving to test the Information Security Management System at terranets bw was conducted by independent, external auditors. Based on the audit report, the effectiveness of our management system was confirmed. terranets bw will deploy this system for further developing and improving its processes. The certificate issued is valid until 28.01.2021 and is checked by TüV Rheinland Cert GmbH annually.