Preamble

Promoting the competitiveness of our customers is the declared goal of PROFIROLL TECHNOLOGIES GmbH (hereinafter PROFIROLL). To meet this goal, we are developing the company into the worldwide supplier and service provider of machines, tools and processes for industrial production using forming technologies for metallic materials.

In addition to the development, production and delivery of high-quality machines, tools and processes, competition also demands proof of the quality and security of internal processes. The information security policy takes this requirement into account with regard to the security of information processing within our company. It applies to the entire company.

It is our goal to implement the three basic pillars (availability, integrity, confidentiality) of secure information technology in the best possible way, taking into account the economic performance of the company.

Art. 1 Obligation

  1. The management of PROFIROLL will actively support the security organisation and the security process. PROFIROLL will follow the DIN ISO 27001 standard and implement the management elements of this standard. These include the implementation of regular internal audits, appropriate document control, management evaluation and continuous improvement.
  2. Every employee is obliged to observe and comply with the general safety guidelines and those applicable to the respective workplace.

Art. 2 Responsibility

  1. The trust of our clients and our business success are based on our adherence to legal requirements (compliance), the protection of our trade secrets, the confidentiality of our clients' data, the completion of our projects and services within the planned or assured timeframe and the secure delivery and archiving of products with integrity.
  2. Against this backdrop, Profiroll's business success depends on our ability to identify existing risks to the aforementioned objectives, to avoid or mitigate them through appropriate measures and to deal with residual risks in an appropriate manner.

Art. 3 Principles and objectives

  1. When processing data and information, we comply with the relevant legal, contractual and internal regulations at all times. This applies in particular to personal data and information requiring special protection.
  2. Information security in the sense of confidentiality, integrity and availability of the exchanged information is of central importance for our customers and thus also for us.
  3. We protect all information that we receive, generate, process, disseminate, store and destroy in the course of our business activities.
  4. We operate the information and IT systems in such a way that information and functions are always available to our customers and business partners at the required time.
  5. We ensure high availability of information, IT systems and networks so that downtimes do not exceed a tolerable level or have a negative impact on our business operations and the implementation of our customer projects.
  6. We protect all information that is not public from unauthorised access through authorisation.
  7. We treat information in such a way that it is always available in its entirety and unchanged.
  8. Access to information and the non-public area of the organisation is only granted to those persons or entities whose identity or other characteristics as well as their legitimate interest have been proven beyond doubt (authenticity).

Management

Profiroll Technologies GmbH

Bad Düben, March 2021

Contact

Jan Radtke

Information Security Officer

it-support@profiroll.de

As part of our ISMS, we follow the information security questionnaire of the German Association of the Automotive Industry (VDA ISA). The assessment according to the TISAX requirements was carried out by TÜV Süd and conformity was confirmed. Registered participants can access the test results of Profiroll in the TISAX portal.