IT & Data Security

Information Security

AutoTradox's information security practices are governed by a set of fundamental principles, ensuring alignment with industry standards, a cohesive and robust security framework, and a commitment to safeguarding sensitive data while enabling our business to thrive and maintain a positive reputation.

Compliance with International Standards

Our information security management system adheres to globally recognized best practices, such as ISO 27001, ISO 27002, and ISO 27005.

Leadership and Guidance

The Chief Information Security Officer (CISO) leads the Information Security function, responsible for creating the Information Security Manual, encompassing policies, standards, procedures, and guidelines. This function serves as an internal center of excellence, providing leadership and guidance on all information security matters.

Prudent Investment in Security

We make wise investments in proven information security controls based on lifecycle cost/benefit assessments and risk analyses.

Organization-Wide Responsibility

Information security is embedded throughout the entire organization, safeguarding all information assets under our care, including those we own and those entrusted to us. It is integrated into our IT architecture, operational processes, and management procedures, making every individual accountable for information security.

Integral to Corporate Governance

Information security is a core element of corporate governance, closely intertwined with IT management, physical site security, risk management, legal and regulatory compliance, and business continuity. It fulfills our obligations to employees, business partners, and the broader community.

Business Enabler

Information security serves as a business enabler, allowing us to confidently pursue and maintain relationships, markets, and opportunities that might otherwise seem too risky. By minimizing losses from security breaches, it supports our financial well-being and enhances our corporate image as a trustworthy, open, honest, and ethical organization.

Sensitive Data Protection

We prioritize the protection of sensitive data as defined by GDPR Article 9 and Article 10. Registration of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for unique identification, health data, and data concerning sex life or sexual orientation is strictly prohibited. Exceptions apply only to preapproved registration of trade-union membership and required health information of employees when necessary.

GDPR Compliance

At our organization, we are committed to upholding the key principles of the GDPR when processing personal data to fulfill our obligations to both our customers and the data subjects. We take full responsibility for implementing and maintaining this policy to ensure compliance with the GDPR. Our approach to processing personal data ensures appropriate security and confidentiality. We protect against unauthorized access, unlawful use, accidental loss, destruction, or damage of personal data and the processing equipment, employing suitable technical and organizational measures.

Data Rights

Our employees and data processors with access to personal data are bound by strict confidentiality obligations. We always aim to accommodate data subject requests, even if not legally mandated, to uphold their rights. We process personal data lawfully and fairly, ensuring transparency in all communications related to the processing of our customers' personal data. We use clear and plain language to make information easily accessible and understandable.

Personal Data

Personal data is collected for specific, explicit, and legitimate purposes, and we do not use it in ways incompatible with these purposes. The reasons for processing personal data are explicit and determined at the time of collection. We process personal data only to the extent necessary for the intended purposes, ensuring adequacy and relevance. The storage period for personal data is kept to a strict minimum. Personal data is not retained beyond the legally permissible and required period. We store personal data only as long as necessary for the processing purposes.

[Figure: Business relationship model. Banks (financing partners); Dealers (sales and trade); Manufacturers (production and delivery); Leasing (financing solutions); Logistics (transport and storage); Business model (integration).]