IT & Data Security
Information Security
Autorola’s information security practices are governed by a set of fundamental principles, ensuring alignment with industry standards, a cohesive and robust security framework, and a commitment to safeguarding sensitive data while enabling our business to thrive and maintain a positive reputation.
Compliance with International Standards: Our information security management system adheres to globally recognised best practices, such as ISO 27001, ISO 27002, and ISO 27005.
Leadership and Guidance: The Chief Information Security Officer (CISO) leads the Information Security function, responsible for creating the Information Security Manual, encompassing policies, standards, procedures, and guidelines. This function serves as an internal centre of excellence, providing leadership and guidance on all information security matters.
Prudent Investment in Security: We make wise investments in proven information security controls based on lifecycle cost/benefit assessments and risk analyses.
Organisation-Wide Responsibility: Information security is embedded throughout the entire organisation, safeguarding all information assets under our care, including those we own and those entrusted to us. It is integrated into our IT architecture, operational processes, and management procedures, making every individual accountable for information security.
Integral to Corporate Governance: Information security is a core element of corporate governance, closely intertwined with IT management, physical site security, risk management, legal and regulatory compliance, and business continuity. It fulfils our obligations to employees, business partners, and the broader community.
Business Enabler: Information security serves as a business enabler, allowing us to confidently pursue and maintain relationships, markets, and opportunities that might otherwise seem too risky. By minimising losses from security breaches, it supports our financial well-being and enhances our corporate image as a trustworthy, open, honest, and ethical organisation.
Sensitive Data Protection: We prioritise the protection of sensitive data as defined by GDPR Article 9 and Article 10. Registration of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for unique identification, health data, and data concerning sex life or sexual orientation is strictly prohibited. Exceptions apply only to the preapproved registration of trade-union and required health information of employees, when necessary.