General information security policy
At bao, we recognize the value of information and privacy and have therefore implemented a security management system to control all our information security efforts. The security policy applies to everyone involved in our company.
Principles
- Schützt den Informations- und IT-Bestand von bao Technologies (einschließlich, aber nicht beschränkt auf alle Computer, mobilen Geräte, Netzwerkausrüstung, Software und sensible Daten) gegen alle internen, externen, vorsätzlichen oder zufällige Bedrohungen zu schützen und die Risiken zu mindern, die mit Diebstahl, Verlust, Missbrauch, Beschädigung oder Missbrauch dieser Systeme.
- Ensures that the information is protected against unauthorized access. Users only have access to resources for which they have been given special access authorization. The assignment of authorizations must be strictly controlled and regularly reviewed.
- Protects the CONFIDENTIALITY of information. When we talk about confidentiality of information, we are talking about protecting the information from disclosure to unauthorized persons
- Ensures the INTEGRITY of information. The integrity of information refers to the protection of information that is modified by unauthorized persons
- Maintain the AVAILABILITY of information for business processes. Availability of information refers to ensuring that authorized parties can access the information when needed. Comply with national legal and regulatory requirements and exceed them wherever possible.
- Develops, maintains and tests business continuity plans to ensure we stay on course despite any obstacles. It's about "keeping calm and carrying on".
- Raise awareness of information security by providing information security training to all employees. Security awareness and targeted training must be consistent, responsibility for security must be reflected in job descriptions, and compliance with security requirements must be expected and accepted as part of our culture.
- Ensures that no action is taken against any employee who discloses information security concerns through reporting or direct contact with the Head of Information Security Management, unless such disclosure clearly indicates an illegal act, gross negligence or repeated willful or deliberate disregard of policies or procedures.
Meldet alle tatsächlichen oder vermuteten Verstöße gegen die Informationssicherheit an security@bao.ai oder über das Kontaktformular hier.
