CEPRES Trust Center
Data is our most important asset
At CEPRES we consider Information Security as one of our most important principles. The ISO 27001 standard's Information Security Management System (ISMS) is crucial for demonstrating that everyone associated with the business—clients, employees, partners, and vendors—recognizes and upholds information security as a fundamental and respected core value.
With the achievement of ISO 27001 certification, CEPRES reinforces its commitment to ensuring the safety and security of our information management and our commitment to operation excellence.
Request CEPRES’ ISMS policies from our Trust Center page by agreeing to our non-disclosure agreement.
What is an Information Security Management System (ISMS)?
An Information Security Management System (ISMS) is a framework that helps organizations manage risks and protect information access.
In practice, an ISMS encompasses a wide range of activities, from HR processes like background checks, to data encryption, secure development practices, business continuity planning, and vendor risk management. Essentially, it includes all measures an organization takes to identify and manage information security risks.
Beyond achieving ISO 27001 certification, a compliant ISMS offers additional benefits, such as improving business efficiency, identifying redundancies, reducing costs, and establishing scalable security practices.
The International Organization for Standardization 27001 Standard (ISO 27001) is an Information Security Management System (ISMS) standard that is globally recognized.
Information security is an integral part of everything we do
Information security is an integral part of and a prerequisite for CEPRES operations. All proprietary and entrusted information, especially personal data, as well as resources are protected against unauthorized intentional or accidental access and modification. This applies both to our companies' systems and to any systems operated by third parties or service providers on behalf of CEPRES.
Information security is always up to date
To ensure that protection can be targeted, the key values at CEPRES are identified and protected by means of appropriate authorization and access management - combined with appropriate state-of-the-art technical and organizational measures. The entire "life cycle" of the information at all usage locations is holistically considered.
Our employees and contractors are trained through continuous awareness measures on information security and are thus also sensitized to new threats.
Need-to-know principle and the C-I-A
Information is made available securely and unaltered exclusively to authorized persons, following the need-to-know principle.
We redefined our Information security by using the C-I-A triad: confidentiality (information is available only to authorized users); integrity (information is accurate and complete) and availability (authorized users have access to information when they need it).
Secure communication on all channels with all partners
The state-of-the-art security level we strive for is consistently implemented on all communication paths. This applies both to external communication, e.g. with customers and business partners, and to the flow of information within CEPRES.