The availability of relevant information is vital for the quality of work results. terranets bw therefore maintains a transparent information politicy. At the same time, information at terranets bw is subject to special protection against external and internal threats caused by deliberate or accidental actions.
The subject of our protective measures includes all information such as digital data on servers, mobile devices, removable media etc. that can be transmitted via networks, information in paper form, printed out or handwritten, as well as information that can be passed on orally or by telephone.
In order to protect this information, we have introduced an Information Security Management System (ISMS) that is continuously updated and developed. For the "network control / network monitoring" application area, terranets bw maintains regular certification based on IT security catalogue standards according to section 11 (1a) of the Energy Industry Act (EnWG).
Here you will find detailed information on our ISMS.
The Information Security Management System at terranets bw is based on the following principles:
1. We protect terranet´s valuable and confidential information and that of our business partners from unauthorised access across all communication interfaces ("confidentiality").
2. We protect information from unauthorised changes ("integrity").
3. We ensure access to current and necessary information as well as to supporting procedures and systems ("availability").
4. We maintain reliable and continuous operation.
5. We comply with legal and contractual requirements, in particular with the IT Security Catalogue pursuant to Article 11 (1 a) of the Energy Industry Act (EnWG).
6. Based on annual objective programmes, we have implemented a continuous and sustainable improvement process with identification, evaluation and management of existing information security risks.
7. Within the framework of the ISMS, all company values are considered, especially in the application field "Network Control / Networking Monitoring". Company values include for example business processes, information, documents and technologies or infrastructure (control systems, information and telecommunications technology, networks, etc.) as well as company locations and employees.
8. Our ISMS contributes to protecting ourselves from potential threats to our company values by using technical and organisational measures in an appropriate and economically viable way.
9. Each one of us treats the information put at our disposal with care. We report any possible threats or weak spots directly to the named places and thus contribute to continuously improving our ISMS.
All managers are directy responsible for implementing and complying with the principles of information security and the applicable documents of the ISMS manual within their organisational units.
Every employee is responsible for complying with the principles of information security. The ISMS manual along with all other complementary guidelines, procedural instructions and process descriptions are binding for employees and managers and serve to ensure that the information security requirements are continually fulfilled.
The regulations are therefore to be observed at all times. Should this not be possible in justified cases, a security incident is to be reported to the information security officer including the grounds for non-compliance in accordance with the process "Dealing with Security Incidents". This process serves to initiate the continuous improvement process.
Non-compliance with information security regulations may lead to disciplinary steps under labour law.
Proprietary documentation serves to secure terranets bw´s value creation and is at all times generated, updated and stored under the principles of effectiveness and economic appropriateness (efficiency). In all cases, the requirements for steering documented information in the ISMS are to be observed.
The Information Security Officer exercises a central role in the ISMS of terranets bw. He or she is responsible, in particular, for initiating and maintaining the continuous improvement process pertaining to the ISMS as well as for providing regular training for employees and managers relating to the internal ISMS regulations needed.
terranet bw´s Information Security Officer is to be consulted in questions of interpretation and in cases of doubt.
terranets bw fulfils the requirements of the regulations set out in the IT Security Catalogue pursuant to Article 11 (1a) of the Energy Industry Act (EnWG) (08/2015).
In February 2021, a re-certification audit serving to test the Information Security Management System at terranets bw was conducted by independent, external auditors. Based on the audit report, the effectiveness of our management system was confirmed. terranets bw will deploy this system for further developing and improving its processes. The certificate issued is valid until 28.01.2024 and is checked by TüV Rheinland Cert GmbH annually.