Information Security and Data Protection Guideline

1. Preamble

In the modern business world, the secure and responsible handling of information is indispensable. At NP4 GmbH, the protection of sensitive data, especially personal information, is an integral part of our daily operations. Our success is built on the trust of our customers and partners, and we maintain this trust by upholding the highest standards in information security and data protection. The confidentiality, integrity, and availability of this data are not only legal obligations but also essential pillars of our reputation and business success.
 

2. Corporate and Security Objectives

Our strategic corporate goals include the continuous enhancement of our market position, the expansion of our customer base, and the assurance and improvement of the quality of our services. These objectives are closely linked to our commitment to information security and data protection.

Our security objectives are:
Confidentiality: Protecting all sensitive data from unauthorized access and misuse.
Integrity: Ensuring that data remains complete and accurate and is not altered without authorization.
Availability: Ensuring that data and systems are reliably and securely accessible at all times.


By consistently pursuing these objectives, we not only secure our business success but also create added value for our customers.
 

3. Role of Information Security and Data Protection

Information security and data protection are central elements of our corporate strategy. To systematically identify and mitigate risks, we have implemented a robust Information Security Management System (ISMS) based on ISO 27001, which adheres to the highest international standards. This system enables us to proactively respond to threats and ensure that all legal and contractual requirements are met at all times.
Additionally, we are committed to complying with TISAX AL2 “Information processing with High Availability,” “Information processing with Confidential,” and “Information processing with High Protection Needs and Data Protection according to EU-GDPR Art. 28 (‘Processor’).”
 

4. Central Guidelines

Uncompromising Protection of Customer Data
The protection of our customers' data is of the utmost priority at NP4 GmbH and adheres to the highest security standards. This data is processed exclusively in secure, dedicated systems to ensure its confidentiality and integrity. Any deviation from this principle requires explicit customer consent, which is carefully documented. This responsible handling of customer data forms the foundation of the trust on which our business relationships are built.

Secure Access and Transparency
Security begins with controlled access. At NP4 GmbH, we implement strict access control measures to ensure that only authorized individuals have access to sensitive data and systems. We ensure that every access is transparent and thoroughly documented. This approach not only enhances security but also builds trust with our customers and partners.

Integrity through Clear Data Classification
Precise data classification is the backbone of our security strategy. By clearly distinguishing between corporate and customer data and categorizing them according to their protection needs, we ensure that each type of data is appropriately safeguarded. This classification enables us to implement targeted security measures that meet the specific requirements of each data category.

Prioritizing Security and Efficiency
We strive to achieve an optimal balance between user-friendliness and security. We place particular emphasis on ensuring that our systems are not only secure but also efficient and user-friendly. Our solutions are designed to maximize both aspects without compromising one for the other. In cases of doubt, however, security takes precedence to maintain our customers' trust and the integrity of our systems.

Digital First: Preference for Digital Storage
In our digital world, the secure storage of data is crucial. Therefore, we prioritize digital processes and the electronic storage of information. Wherever possible, we avoid analog records to increase efficiency and minimize security risks. Any necessary analog documents are handled under the strictest security standards and properly disposed of after digitization. This approach supports not only our security strategy but also promotes sustainable practices.

Continuous Improvement and Training
Security is a continuous process. Therefore, we regularly review and improve our security measures. All employees of NP4 GmbH receive regular training to ensure they not only understand the security standards but also actively implement them. Through training and awareness programs, we ensure that everyone in the company understands the importance of information security and contributes to it.

5. Organization of Information Security

Information security at NP4 GmbH is ensured by a dedicated team of professionals. The Information Security Officer (ISO) is responsible for coordinating all security-related activities and continuously improving the ISMS. The Data Protection Officer (DPO) supports this effort by ensuring compliance with all data protection regulations. Both roles report directly to management and are provided with the necessary resources to effectively fulfill their duties.
 

6. Security Measures

Our security measures encompass a wide range of technical, organizational, and personnel-related actions:
Access and Control Measures: Strict rules and procedures ensure that only authorized personnel have access to sensitive data and systems.
Virus Protection and Firewalls: We use the latest security software to protect our networks and systems from cyber threats.
Data Backup: Regular data backups ensure that we can quickly resume operations in the event of data loss.
Emergency Planning: A comprehensive emergency plan ensures that we remain operational even in crisis situations and can quickly resume business activities.


7. Continuous Improvement

To ensure the effectiveness of our ISMS, it undergoes regular reviews and adjustments. Continuous improvement is a central component of our security strategy. We promote a high level of security awareness among all employees and encourage them to actively contribute to the enhancement of security measures.
 

8. Duties of Cooperation

Compliance with this security guideline is mandatory for all employees of NP4 GmbH. Management ensures that all employees are familiar with and understand this guideline, and encourages them to actively contribute to information security.
 

9. Effective Date and Revision

This security guideline is in effect and will be regularly reviewed for its relevance and adequacy and adjusted if necessary.
