Results

Rexult AG demonstrates a clear understanding of information security risks, legal requirements, and contractual obligations. The scope and structure of the information security management system comply with the requirements of ISO 27001.

Top management at Rexult AG is actively committed to information security and makes key decisions to ensure compliance with legal and contractual obligations as well as the continuous improvement of information security performance.

Information security risks, security objectives, and the management of changes are defined and documented. In order execution planning and work preparation, Rexult AG takes these risks and objectives into account. This actively prevents potential security incidents and effectively protects sensitive information.

Rexult AG ensures that information security-related tasks are supported by well-trained personnel, appropriate technical resources, and clear communication. This helps prevent security incidents, ensures employee competence in handling information security requirements, and reduces misunderstandings in the implementation of security measures.

Rexult AG consistently implements the requirements of information security management. Employees receive clear instructions for the secure handling of information. The consistent implementation of these guidelines ensures the protection of sensitive data and the early identification of risks through regular information security assessments.

Rexult AG regularly identifies information security risks, verifies compliance with security-related requirements through internal audits, and evaluates the results within a structured management review. This ensures that data is effectively protected, legal and contractual requirements are met, and information security is continuously improved – to safeguard customers, partners, and sensitive information.

Rexult AG embraces the principle of continuous improvement in information security management by consistently reviewing and purposefully enhancing security-relevant processes. This ensures that customers can rely on the consistent protection of sensitive data and steadily increasing security standards.

Rexult AG has implemented comprehensive organizational measures to embed information security within the organization. These include, among others, the introduction and regular review of an information security policy, the clear definition of responsibilities, the implementation of access control procedures, as well as the classification and labeling of information. Furthermore, inventories for information and related assets are maintained, contacts with relevant authorities and stakeholder groups are upheld, and measures for information security in supplier relationships are implemented.

Rexult AG has implemented extensive personnel-related measures to ensure information security. These include security screenings for new employees, the definition of responsibilities in employment contracts, as well as regular training and awareness programs on information security. Furthermore, formalized procedures such as a disciplinary process, clear responsibilities when terminating or changing employment relationships, and binding confidentiality agreements are in place. In addition, rules for secure remote work have been established and a reporting procedure for information security incidents has been introduced.

Rexult AG has implemented comprehensive physical measures to protect information and related assets. These include, among others, secured security perimeters and access controls, the physical monitoring of premises, as well as protective measures against physical and environmental threats. In addition, rules have been established for a tidy working environment, the safe operation and placement of equipment, the protection of assets outside the premises, and the secure management of storage media. Maintenance, cabling, and the secure disposal of equipment and assets are also regulated.

Rexult AG has implemented a wide range of technological measures to ensure information security. These include the protection of end devices, the management of privileged access rights, the restriction of information access, and secure authentication procedures. Furthermore, technical vulnerabilities are systematically managed, data is deleted or encrypted, and logging is performed. These measures are complemented by network and application security, the use of cryptography, and protection against malware.