Email Security

Information Security

Information is of great value to Centric and to the services we provide to our customers. That is why we protect all data within our organization in an appropriate manner. On this page, you can read how Centric approaches information security.

Our view on information security

At Centric, we take information security very seriously. Therefore, we apply the following principles:

  • Information security is a process, not a project
  • Information security is broader than IT
  • The goal of information security is secure service delivery
  • Information security awareness is essential

The core of effective information security is determining which measures are appropriate for each situation. It is crucial that both senior management and employees are aware of the importance of information security.

Information security policy

With this vision in mind, Centric has established an information security policy. This policy contains principles and governance mechanisms to ensure effective information security. Our information security policy guides our choices, procedures, controls, codes of conduct, and work instructions related to information security.

The central objective of our policy is to ensure the reliability of our information provision - based on risk assessment - and to avoid or minimize potential damage to our organization and to our customers (and the services we provide to them).

Information Security Baseline

Our information security policy is further elaborated in an internal information security baseline. This baseline contains principles and concrete requirements for technical, organizational, and human‑focused measures that protect our information and organization against threats, whether they originate internally or externally.

Centric complies with all relevant laws and regulations regarding reliable information. In addition, we apply standards and best practices such as:

  • ISO/IEC 27001:2022 – Information Security Management Systems
  • ISO/IEC 27002:2022 – Code of practice for information security
  • Grip op SSD; CIP – “Grip on Secure Software Development (SSD)”

Within specific business units and service offerings, we assess whether additional measures are desirable on top of the baseline. This allows us to implement measures tailored to the nature, context, and content of specific services.

Information Security Management System

To translate security principles and risk management into measures - and to implement and manage them - we use an Information Security Management System (ISMS).

Security Organization

A designated Chief Information Security Officer (CISO) centrally oversees the implementation of, and compliance with, the baseline. Various business units are represented within the security organization by a Security Coordinator (SC), while a Security Officer facilitates the information security process within the operations centers for the relevant activities.

Overall coordination and governance are handled by the Information Security Steering Committee, which includes representatives of senior management, the CISO, the Privacy Officer, and various security perspectives.

Certifications

Several business units and processes within Centric are certified according to ISO 27001:2022. In addition, TPM/ISAE 3402 assurance reports are prepared for various business units and processes where applicable.

Confidentiality

All our employees are bound by confidentiality with regard to sensitive information obtained during their employment.

Information Security Awareness

Achieving an appropriate level of security requires information security awareness among both management and employees. Therefore, we invest significant effort in raising and maintaining this awareness.

Want to Know More?

Curious how Centric protects your data? Contact your Centric account representative or email security@centric.eu.