
Safeguarding data: information security management at Unite

IT Security Officer Alexander Warschun explains information security management at Unite.


Many companies today are already digitised to a large extent and thus face growing threats to IT security. Not only has the risk of damage increased, but the impact that a single security breach can have has also become significantly higher. Companies, therefore, bear a great responsibility for information security, as they manage not only their own data, but also that of customers, partners and stakeholders. Professional information security management can make the risks manageable.

Information security management is the process of protecting an organisation’s data and assets against potential threats. One of the primary goals of these processes is to protect data confidentiality, integrity, and availability. Information security management may be driven both internally by corporate security policies and externally by regulations such as the General Data Protection Regulation (GDPR).

Alexander Warschun is IT Security Officer at Unite.

Companies like Unite process a large amount of data. It may include sensitive customer data, intellectual property and other data critical to a company's competitive advantage and ability to operate. This valuable data must be protected from being stolen by cybercriminals or from being encrypted by ransomware. Effective security management is essential to ensure that organisations take the necessary steps to protect this data and safeguard themselves and their business partners.

The fundamental goal of information security management is to protect data:

  • Confidentiality: protecting the confidentiality of data requires limiting access to data to authorised users. Data breaches are a violation of confidentiality.

  • Integrity: ensuring data integrity requires the ability to ensure the accuracy and completeness of data. A cyber threat actor corrupting data in an organisation's databases is a data integrity breach.

  • Availability: data and the services based on it must be available to authorised users inside and outside the organisation. A distributed denial of service (DDoS) attack is an example of a threat to the availability of an organisation's data and services.

Data confidentiality, integrity, and availability can be threatened in many ways

Managing information security includes:

  • identifying potential risks to an organisation

  • assessing their likelihood and potential impact

  • developing and implementing mitigation strategies to reduce risk as much as possible with available resources


At Unite, we have a clearly defined management structure and responsibility, including overall lines of control, accountability, and supervision for the security effort.

The IT Security Officer (IT-SO) is responsible for organisation-wide efforts related to data and information system security. This includes:

• development of security policies

• evaluation of security-related software

• training

• coordination of efforts to improve data security controls

• dissemination of security-related information and incidents, which could affect our computing resources' availability and integrity.

In addition, the IT-SO maintains communications with the CIO and Managing Directors, regularly updating them on information security issues that need to be addressed.

We rely upon state-of-the-art secure data centres, internal policies and procedures, appropriate data encryption, and regular third-party audits to protect our customers’ data from potential threats. All customer data is processed in line with GDPR. All IT systems used for the production environment of our platforms are located in data centres that are ISO and/or BSI (the German Federal Office for Information Security) certified or in an ISO-certified cloud.

We operate an Information Security Management System (ISMS) based on the ISO 27001:2017 standard to manage policies and procedures required to ensure the expected security and data protection level. The ISMS is managed centrally and reflects the policies, procedures and measures that apply throughout the Group. An update in accordance with the 2022 version of the standard and the related certification process has been initiated.

Further details on specific technical and organisational measures (TOM) can be found in our Information Security Management Plan, which is available from your personal account manager upon request.