INFORMATION SECURITY POLICY

Purpose, Scope and Users

The goal of these highest-level guidelines is to define the purpose, direction, basis and basic rules for an information security concept. The users of this document are all employees of the Jung von Matt Group. Contractors and suppliers who provide services for the Jung von Matt Group are obliged to comply with and implement the information security guideline.

Business model 

In addition to traditional advertising, Jung von Matt AG also offers additional services in the area of advertising via its subsidiaries, such as the development of brand strategies and concepts for digital platforms. Our group’s particular strength lies in the integration of traditional media and what is called the “new media”. We already take care of the complete communications needs of many customers.

Competition requires that, in addition to developing and implementing high-quality communications concepts, we also demonstrate the quality and security of our internal processes. These information security guidelines address this requirement with respect to the security of information processing within our agency. It thus applies for the entire group.

Requirements, risks and goals

Our customers’ trust and ultimately our business success require in particular that we

  • adhere to legal stipulations including data protection laws (compliance),

  • protect our business secrets,

  • maintain the confidentiality of our customers’ data,

  • carry out our projects and services within the planned or assured period of time,

  • provide and archive our services in a secure fashion.

Against this background, our Agency’s business success depends on us recognising existing risks for the stated objectives, avoiding or minimizing those risks by means of suitable measures and dealing with remaining risks appropriately. 

Those risks include incomplete or incorrect compliance with statutory provisions, unauthorised and possibly unnoticed disclosure of company secrets, violation of our customers’ specifications due to system breakdowns, data loss, unauthorised disclosure of information.

Against the background of the external and internal requirements, but especially of our customers’ security requirements, information security must be an integral component of our corporate culture. 

Every employee must be aware of the necessity of information security and know the basic effects of risks on business success. If the Company’s information security policy is violated, labor law measurements from written warning to dismissal are envisaged. 

These guidelines shall be applied to the entire information security plan, and defined as in the document regarding the scope.

INFORMATION SECURITY TASK

Goals and measurement

The information security concept’s general goals are as follows:

  • To increase protection of the Agency and its employees from damage.

  • To attain competitive advantages through security concepts.

  • To meet statutory and individual client specifications.

These goals agree with the business goals and the Agency’s strategy, since we work primarily for international enterprises for which information security is of great importance for the same reasons. Our information security officer is responsible for checking these general goals and defining new goals. 

Goals concerning steps to be taken for individual security measures or groups of security measures are proposed by the respective information security officer in the agencies and approved by management or the Executive Board. All of these goals must be reviewed at least once a year.

Jung von Matt AG evaluates and measures fulfilment of these goals. The information security officer is responsible for determining the method by which fulfilment of these goals is measured. The evaluation/measurement is carried out at least once a year, and the information security officer analyses and evaluates the results that are measured and then reports to Jung von Matt AG’s authorised representative in the form of input materials for management review

Information security requirements

These guidelines and the entire information security concept must meet legal and statutory requirements as well as the contractual obligations that are decisive for organisation in the area of information security.

Information security measures

The process for selecting measures is defined [in] the methodology for assessing and dealing with risk. The selected measures and their implementation status are listed within this document.

Responsibilities

The basic responsibilities for management of information security are as follows 

  • Jung von Matt AG’s authorised representative is responsible for ensuring that information security is implemented and maintained in accordance with these guidelines and that all necessary resources are available.

  • The information security officer is responsible for coordinating execution of the information security concept as well as for reporting about performance.

  • Jung von Matt AG’s authorised representative must review the information security status at least once a year (and in any case of significant changes) and log the review accordingly. The purpose of this management review is to demonstrate that the measures are appropriate, suitable and effective.

  • The information security officer is responsible for implementing information security training and programmes to raise employee awareness.

  • Protection of the integrity, availability and confidentiality of assets is the responsibility of the owner of the respective assets.

  • All security-related incidents or weak spots must be reported to the information security officer.

  • The information security officer defines what information-security-related information is communicated to which interested parties (both internal and external) by whom and when.

  • The information security officer is responsible for setting up and implementing the training and awareness plan, which applies for all individuals who play a role in information security management.

Communication of guidelines

The information security officer has to ensure that all Jung von Matt AG employees at the Hamburg location as well as relevant external parties are familiar with these guidelines.

Support for implementation

The Executive Board and authorised representative of Jung von Matt AG hereby declare that implementation and continuous further improvement will be supported with suitable resources so that all goals named in these guidelines can be met.

Validity

This document is valid as of 05.02.2020. Version 02/2020 · Page 1/1