Trust Center  >  Security  >  Information Security Policy

Security

Aeris Security in Brief  |  Information Security Policy  |  Aeris Security Standards  |  Security Standards for Customer Data  |  Watchtower Brief

Aeris Information Security Policy

1.   Introduction

The Information Security Management System (ISMS) at Aeris is a systematic approach to managing and securing information that is important to the integrity, confidentiality, and availability of corporate data. The Information Security Management System Policy (“Policy”) is the foundation of our commitment to secure information handling, in alignment with the ISO 27001 standard. Our ISMS Policy outlines our approach to information security management and details the procedural landscape that constitutes our overarching security posture. It serves as a declaration of our ongoing efforts to secure our digital and physical information assets and also as a comprehensive manual guiding our staff, partners, and stakeholders to take collective responsibility for information security.

2.   Purpose

  • The principal purpose of this Policy is to safeguard our information and related assets against all threats, whether internal or external, deliberate or accidental. Through the establishment of this ISMS, we aim to preserve the integrity, confidentiality, and availability of information by instituting a risk management culture and robust control environment.
  • This Policy describes the company’s position and approach for information security risk management in order to enhance information security, cybersecurity and privacy protection. This Policy reflects Aeris’s commitment to security, outlines the key principles of security commitment and provides information on how the company organizes its implementation activities. Lower-level policies related to specific areas of operation (e.g., access controls, password standards, etc.) apply to each respective control area and are incorporated by reference within this Policy. Such lower-level documents are hereinafter referred to as the “Policies.”
  • This document should be considered the first of several official documents to be published to organization personnel or to subsets of such personnel, as may be applicable.

3.   Scope

The ISMS encompasses all forms of information that Aeris manages (all business and customer information of Aeris group for the design, development and delivery of software and the provision of secure Internet of Things (IoT) and Connected Vehicle (Automotive) platforms and services), whether electronically stored, transmitted, or processed, or physically secured. It pertains to all staff, stakeholders, business processes, and information systems under the organization’s purview, providing a holistic application of our security policies.

4.   Policy Statement

Aeris places the utmost importance on the security and privacy of our information, along with the integrity of our technical operations and systems infrastructure that depend on those information assets. An equal priority is given to the information assets of our customers and business partners. This policy is a formal declaration of our intent to develop, implement, maintain, and continuously enhance our ISMS.

Aeris commits to:

  • implement safeguards to the information and privacy data and assets and operations against natural, human and cyber threats, whether internal or external, deliberate or accidental.
  • comply with all applicable laws, regulations, and contractual obligations related to information security, cybersecurity and privacy protection and to adhere to the industry standards of information security management.

Through the establishment, documentation, maintenance and continual improvement of this ISMS, we aim to preserve the integrity, confidentiality, and availability of information by instituting a risk management culture and robust control environment.