This Global Information Security Policy sets out Infineum’s commitment to protecting the confidentiality, integrity and availability of its information assets and constitutes the foundation of Infineum’s Information Security Management System (ISMS), aligned with ISO/IEC 27001:2022.
This policy is published to provide customers, partners, regulators and other stakeholders with transparent evidence of Infineum’s commitment to information security.
This policy applies, as appropriate to the nature of the activity, risk and contractual relationship, to:
The detailed ISMS scope is defined in the internal ISMS Scope Statement, which is maintained by the Information Security function and reviewed periodically.
Infineum is committed to preserving the three core properties of information security and applying them through proportionate organisational, procedural and technical measures:
Measurable security objectives are established, monitored and reviewed at planned intervals, in alignment with Infineum’s strategy, obligations and risk landscape.
Information security at Infineum is governed through defined roles, responsibilities and oversight arrangements. Executive Management supports the ISMS and promotes a risk-based approach to the protection of information assets.
Information security risks are identified, assessed, treated and monitored in accordance with Infineum’s internal risk management processes. Controls are implemented and reviewed to ensure they remain appropriate to the sensitivity of the information, the criticality of supporting systems and the evolving threat landscape.
Infineum is committed to complying with applicable legal, regulatory and contractual obligations relating to information security, cybersecurity and data protection, including, where relevant:
Infineum promotes information security awareness through communication, guidance and training appropriate to personnel roles and responsibilities.
Structured processes are in place to report, assess and manage information security events and incidents; actual or suspected incidents must be reported promptly.
Infineum also maintains business continuity and disaster recovery arrangements to support the resilience and availability of critical information systems and services.
Infineum is committed to the continual improvement of its ISMS. Information security performance is monitored through planned reviews, internal audits, management review activities and the management of nonconformities, corrective actions and improvement opportunities.
This policy is owned by the Chief Information Security Officer and approved by Infineum’s Executive Management. It is reviewed periodically and updated as necessary to reflect changes in Infineum’s business, risk profile, regulatory environment or information security objectives.
Questions regarding this policy or Infineum’s Information Security programme should be directed to the Information Security Team: ciso@infineum.com
* You can view and download a PDF version of our Global Information Security Policy here