As well as data protection, information security is also in ProSiebenSat.1 Group’s business interests. A failure, manipulation or unauthorized disclosure of business-critical information could result in significant financial losses or reputational damage. The adequate security of business processes, IT, infrastructure and critical information is therefore a strategic factor for the Company’s competitiveness and continued existence. Information security at ProSiebenSat.1 has four primary strategic goals: [GRI 103-1, GRI 103-2]
- To maximize business continuity
- To minimize business losses
- To prevent and minimize the effects of security incidents
- To limit risks
Failures of systems, applications or networks are just as much potential risks as violations of data integrity and confidentiality. The constantly widening scope of information processing and networking and the advancement of technology are increasing the complexity in the interplay with people, processes and technologies, while the vulnerability within Company-wide information processing is also increasing. Targeted attacks and other threat scenarios show that politically, economically or ideologically motivated groups represent a growing challenge.
The Group therefore has an Information Security Management System (ISMS), which ensures comprehensive protection for the Group’s information assets in a structured and risk-based manner. The way in which an early risk detection and risk management system must be established and carried out is not prescribed by law. Information security at ProSiebenSat.1 Group is based on the ISO 27001 standard (Information Security Management System, ISMS). The ISMS targets the confidentiality, integrity and availability of information. The effectiveness of the security standards is examined regularly by the Internal Audit department. In addition, all employees must complete regular and mandatory online training on the topic of information security. Most recently, we launched an e-learning program on rules for handling information in the fourth quarter of 2017; as of December 31, 2017, we had thus trained over 4,300 employees. [GRI 103-2, GRI 103-3]