Information security policy

Purpose, scope and users

The goal of these strictly to observed policy is to define the purpose, direction, basis and basic rules for an information security concept. The users of this document are all employees of the Jung von Matt Group.
Contractors and suppliers who provide services for the Jung von Matt Group are obliged to comply with and implement the information security guideline.

Business model 

In addition to traditional advertising, Jung von Matt AG also offers additional services in the area of advertising via its subsidiaries, such as the development of brand strategies and concepts for digital platforms. Our group’s particular strength is the creation of communication that develops momentum for our clients.We already take care of the complete communications needs of many customers.

Competition requires that, in addition to developing and implementing high-quality communications concepts, we also demonstrate the quality and security of our internal processes. This information security policy addresses this requirement with respect to the security of information processing within our agency. It thus applies for the entire group.

Requirements, risks and goals

Our customers’ trust and ultimately our business success require in particular that we

  • adhere to legal stipulations including data protection laws (compliance),

  • protect our business secrets,

  • maintain the confidentiality of our customers’ data,– carry out our projects and services within the planned or assured period
    of time,

  • provide our services in a secure fashion and archive if commissioned or required by law.

Against this background, our Agency’s business success depends on us recognising existing risks for the stated objectives, avoiding or minimizing those risks by means of suitable measures and dealing with remaining risks appropriately.
Those risks include incomplete or incorrect compliance with statutory provisions, unauthorised and possibly unnoticed disclosure of company secrets, violation of our customers’ specifications due to system breakdowns, data loss, unauthorised disclosure of information.

Against the background of the external and internal requirements, but especially of our customers’ security requirements, information security must be an integral component of our corporate culture.

Every employee must be aware of the necessity of information security and know the basic effects of risks on business success. If the Company’s information security policy is violated, labor law measurements from written warning to dismissal are envisaged.

This policy shall be applied to the entire information security plan, as defined in the document regarding the scope.

INFORMATION SECURITY TASK

Goals and measurement

The information security concept’s general goals are as follows:

  • To increase protection of the Agency, its clients and employees from damage.

  • To attain competitive advantages through security concepts.

  • To meet statutory and individual client specifications.

These goals agree with the business goals and the Agency’s strategy, since we work primarily for international enterprises for which information security is of great importance for the same reasons. Our information security officer is responsible for checking these general goals and defining new goals.
Goals concerning steps to be taken for individual security measures or groups of security measures are proposed by the respective information security officer in the agencies and approved by management or the Executive Board. All of these goals must be reviewed at least once a year.
Jung von Matt AG evaluates and measures fulfilment of these goals. The information security officer is responsible for determining the method by which fulfilment of these goals is measured. The evaluation/measurement is carried out at least once a year, and the information security officer analyses and evaluates the results that are measured and then reports to Jung von Matt AG’s authorised representative in the form of input materials
for management review.

Information security requirements

This policy and the entire information security concept must meet legal and statutory requirements as well as the contractual obligations that are decisive for organisation in the area of information security.

Information security measures

The process for selecting measures is defined in the methodology for assessing and dealing with risk. The selected measures and their implementation status are listed within the risk assessment process.

Responsibilities

The basic responsibilities for management of information security are as follows: 

  • Jung von Matt AG’s authorised representative is responsible for ensuring that information security is implemented and maintained in accordance with this policy and that all necessary resources are available.

  • The information security officer is responsible for coordinating execution of the information security concept as well as for reporting about performance.

  • Jung von Matt AG’s authorised representative must review the information security status at least once a year (and in any case of significant changes) and log the review accordingly. The purpose of this management review is to demonstrate that the measures are appropriate, suitable and effective.

  • The information security officer is responsible for implementing information security trainings and programs to raise employee awareness.

  • Protection of the integrity, availability and confidentiality of assets is the responsibility of the owner of the respective assets.

  • All security-related incidents or weak spots must be reported to the information security officer.

  • The information security officer defines what information-security-related information is communicated to which interested parties (both internal and external) by whom and when.

  • The information security officer is responsible for setting up and implementing the training and awareness plan, which applies for all individuals who play a role in information security management.

Communication of guidelines

The information security officer has to ensure that all Jung von Matt Group employees as well as relevant external parties are familiar with this policy.

Support for implementation

The Executive Board and authorised representative of Jung von Matt AG hereby declare that implementation and continuous further improvement will be supported with suitable resources so that all goals named in this policy can be met.

Validity

This document is valid as of 01.12.2023.