TABLE OF CONTENTS
Every Gofore employee and contractor is obligated to read and comply with this Information Security Policy.
This information security policy underlines Gofore’s commitment to information security when dealing with employees, contractors, customers and suppliers.
Gofore’s business and reputation depends upon the trust of clients, partners and other stakeholders. Information security is central to the preservation and assurance of this trust.
Every effort is made to ensure information security is effective and aligned with business objectives and complies with applicable law and regulation.
It is essential for information security to be an integrated characteristic of Gofore. We maintain and continuously improve our information security management system by setting information security objectives derived from business objectives and information security strategy synchronisation. Gofore cultivates a security culture whereby security awareness is part of business-as-usual. Employees and contractors take responsibility for security in their own conduct and responsibilities.
In our best interests and in yours, everyone at Gofore takes security seriously.
As stated in our commitment, everyone takes responsibility for security in their role and conduct.
The Chief Executive Officer (CEO) is ultimately accountable for ensuring Gofore incorporates information security into corporate governance and business continuity.
The Executive Management Team is responsible for ensuring information security implementation is aligned with company strategy.
The Chief Information Security Officer (CISO) is responsible for information security awareness and for employee compliance with information security policies, procedures and guidelines. The Security Team and business function stakeholders support the CISO.
The Security Team is responsible for supporting the CISO in disseminating security awareness, ensuring the information policy, procedures and guidelines are complied with, and responding to security events. To ensure continual improvement, the information security management system is reviewed and updated annually to maintain compliance with ISO 27001 requirements and ISO 27002 code of practice where applicable. Information security and data protection expectations are proactively communicated to customers and suppliers as part of framework agreements, contracts, and projects.
Business Unit Leads are responsible for ensuring that people in their unit
Project managers are responsible for ensuring project members are information security aware and develop solutions that are secure and data protection compliant by design. Information security and data protection expectations are also determined by client requirements.
In Gofore, data protection is also an integrated business-as-usual aspect of digital consulting. Gofore processes personal data in accordance with applicable legislation, including the General Data Protection Regulation (Regulation (EU) 2016/679, GDPR).
Gofore considers the requirements set forth in the data protection legislation in all its business activities and expects and requires the same from subcontractors and other business partners. Gofore provides orientation for employees regarding guidelines for privacy and data protection.