MCP specializes in reducing avoidable waste in industry. Our goal is to help reduce environmental impact through smarter planning. Supply chain planning and detailed production planning are ideal disciplines for achieving this. The information processed in these areas is among our clients’ most valuable assets and must be protected accordingly. For this reason, management has decided to implement an Information Security Management System (ISMS) in accordance with ISO 27001, which meets the requirements regarding the confidentiality, integrity, and availability of the information processed.The goal is to establish an appropriate level of information security, identify potential threats, and mitigate them to an acceptable level through appropriate measures, as well as to identify and transparently accept any remaining residual risks. All measures should be tailored to the necessary protection requirements of the respective information from an economic perspective and aligned with the corporate strategy. In implementing the ISMS, we are committed to raising and gradually improving awareness of information security among all individuals who contribute to the effectiveness of the security measures in place. All individuals are made aware of, educated, and trained in accordance with their responsibilities, roles, and tasks, taking into account the prior knowledge of the target group (e.g., top management, executives, functional departments, IT, and external parties) and ensuring that the content is tailored and communicated appropriately for each group.To ensure information security, the IT infrastructure and processes used to process information must also meet security requirements. The necessary IT security measures are determined on a risk-based approach, taking into account the current state of the art. The following section outlines the key elements of the ISMS:Conducting an environmental analysis that takes into account business operations and the requirements of stakeholders Promoting a strong safety culture across all areas Establishment of an effective organizational structure led by a CISO with sufficient authority, the necessary financial resources, and appropriate personnel resources. Establishment of an opportunity and risk management system. Establishing specific and measurable information security objectives Clearly defined communication structures Establishment of the necessary process organization Preparation and management of all relevant documents Measuring Goal Achievement Using Key Performance Indicators Regular assessment of the design effectiveness and operational effectiveness of measures Direct reporting line between the CISO and senior management Annual assessment of effectiveness by management Defining and tracking actions to correct nonconformities and implement improvement measures To ensure optimal information security, we are committed to:Regular information security training for all employees Planning and Implementation of IT Changes Comprehensive IT security for all end devices in use Regular updates to the software in use Senior management bears overall responsibility for the ISMS, is explicitly committed to continuous improvement, and promotes and supports all necessary activities and measures.Information security is not solely the responsibility of senior management. All employees are obligated to protect information and to accept the additional effort required to comply with established security measures in the best interests of the company as a whole. In particular, managers are responsible for ensuring compliance with established policies and procedures within their respective areas.
