
Safety Guideline

The role of information security
NP4 GmbH attaches great importance to the successful positioning of its company and its services on the market. To achieve this, the use of state-of-the-art information technologies is essential. Despite the opportunities that these technologies offer, there are always new risks. The management recognises the importance of information security as a strategic task in order to maintain reputation and achieve corporate goals.

The aim of information security is to make security risks transparent and minimise them through suitable measures. The management assumes overall responsibility and supports this through commitment within the organisation and by providing appropriate resources for the development and operation of an Information Security Management System (ISMS).

This guideline on information security serves as a corporate standard that forms the basis for the implementation of technical, organisational, personnel and infrastructural measures. These measures are necessary to maintain the high level of information security at NP4 GmbH. These efforts are intended to ensure adequate protection of information and information-processing facilities in order to prevent potential damage.

Scope of ISMS

The scope of this Information Security Policy of NP4 GmbH extends to the processing of global travel data for business travel services. This includes process development, optimisation, data preparation, quality assurance and the provision of management systems. The guideline applies to all organisational units and service providers of NP4 GmbH.

The target group is all employees of NP4 GmbH, for whom the guideline is binding. External service providers and employees are also obliged to adhere to the guideline.

As an IT service provider and system integrator, NP4 GmbH must comply with legal regulations, including the GDPR, BDSG, TKG, TMG, HGB, GmbHG and GoBD. These regulations must be taken into account when setting up the Information Security Management System (ISMS).

In addition to the legal regulations, the international standards ISO/IEC 27001 and TISAX AL2 are binding within NP4 GmbH. The guideline on information security is substantiated by subordinate documents, including information security principles, process-, application- and system-specific standards as well as instructions for action and organisation. These documents are binding for all employees and are adapted to changes and communicated as part of a continuous process.

Principles of information security
1. Information security as an integral part of business policy: Information security is a strategic component of the business policy and corporate philosophy of NP4 GmbH.
2. Protection of information assets: Information in any form and the information-processing facilities are adequately protected against loss of confidentiality, integrity and availability.
3. Adherence to legal requirements (compliance): The obligation to comply with national and European laws and other supplementary regulations regarding information security applies.
4. Information security as a task for all employees: Every employee of NP4 GmbH takes into account the concerns of information security and acts responsibly and security-consciously. Everyone supports the ISO in its tasks. The application of the security principles is made concrete and adapted by specific documents and forms the binding basis for action.
5. Promotion of security awareness: Internal company guidelines, standards and sensitisation measures enable all employees to understand and take into account the requirements for information security.
