In 2020, Capital AG decided to introduce an information security management system (ISMS) in accordance with ISO 27001, which meets requirements with regard to confidentiality, integrity and availability of the information processed.
The aim is to establish an appropriate level of information security, to detect possible risks and to reduce them to an acceptable level by taking appropriate measures, as well as to identify and accept the remaining residual risks in a sustainable fashion.
As part of the introduction of the ISMS, the CISO was charged with establishing conformity with ISO 27001 and creating a corresponding structural and procedural organisation. Furthermore, information security was integrated into all relevant processes of the company.
Implementation of the ISMS focuses on strengthening and gradually improving information security awareness on the part of all members of staff who contribute to the effectiveness of the security measures taken. All staff members are sensitised, trained and coached according to their responsibilities, roles and tasks. In this process, the company takes account of the prior knowledge of the target group (e.g. top management, executives, specialist departments, IT) and prepares and communicates the contents in a manner appropriate to each target group.
The Management Board of Ithuba Capital AG bears overall responsibility for the ISMS and is expressly committed to its continuous improvement, providing the necessary resources and promoting and supporting all of the work needed in this regard.
The effectiveness of the ISMS was audited by an accredited body in November 2020 and the ISO 27001 certificate was issued for a period of three years.