IMS-Integrated Management System

(Version 3.0 / 05.02.24)

Overview and document objective

Telehouse Deutschland GmbH is operating a management System (ISMS, QMS, EnMS), in compliance to the requirements of the international standards ISO/IEC 27001, ISO 9001 and ISO 50001.

Scope

This IMS policy is applicable to Telehouse Deutschland GmbH.

Responsibilities

The top management is responsibility for the establishment, implementation and maintenance of the integrated management policy.

All employees of Telehouse Deutschland GmbH are acquainted with this IMS-Policy.

The IMS-Policy of Telehouse Deutschland GmbH is communicated, understand and applied within the organization. It is available to relevant interested parties as appropriate.

Process definition

The IMS-Policy is a set of guidelines that drive the processes and procedures according to the management systems ISMS, QMS and EnMS.

This document is reviewed on an annual base or in the case of critical changes.

The quality, information security and energy efficiency policy is geared towards:

  • Meeting the requirements and expectations of our customers while complying with legal, regulatory and other requirements applicable to our business.
  • Ensure effective protection of all information in the Company’s business by ensuring confidentiality, integrity and availability, as well as compliance with applicable legal requirements.
  • Increasing energy efficiency, sustainable reduction of average annual energy consumption, saving of energy resources

QUALITY POLICY

At Telehouse Deutschland GmbH all employees are committed to achieving excellence in products, services and business processes by actively pursuing continuous improvement, achieving legal compliance and sharing the vision of total customer satisfaction. We understand our customer’s needs and realize that a long-term successful partnership can only be sustained by ensuring that qualitative high-grade products and services are offered.

Our Quality Management System was introduced to ensure that the highest quality demands are met and to facilitate achievement of our self-defined quality goals. Our employees adhere to these high-quality standards during the course of their daily work. Satisfied customers are our main priority. For that reason, establishing and satisfying our customer requirements is an important aspect of our quality management.

ENERGY POLICY

Telehouse Deutschland GmbH is committed to continual improvement in its Energy Management System and in energy efficiency.

To realize this, we periodically verify, that:

  • The necessary financial and personnel resources as well as professional competences are ensured.
  • Relevant legal, contractual and other requirements are taken into account and respected
  • All employees are involved in the EnMS and they are prepared on energy-saving behavior in their workplaces within regularly informing.
  • The internal control of energy-related performance is continuously improved
  • Purchase of energy-saving products and services as well as suggestions for reducing energy usage are supported
  • The inefficient system components are replaced
  • The defined objectives are measurable
  • Energy data are regularly monitored and evaluated

INFORMATION SECURITY POLICY

Telehouse Deutschland GmbH is committed to fully complying with the relevant laws and regulations in relation to Information Security (“Relevant Laws”). This includes all relevant German laws, including the German federal data protection act, the Telecommunications Act, the Tele media Act and others by protecting the corporate information assets from a wide range of infringement incidents and ensuring their confidentiality, integrity and availability.

The ISMS goals & objectives include:

  • The confidentiality of Information should be protected in accordance with the current best practice.
  • The integrity of information must be protected during the storage, transfer and processing of information.
  • The availability of information should be guaranteed for all critical operations.
  • To comply to all legal, contractual and group security and compliance requirements.

For the aforementioned purposes, the Company will:

  • Maintain a management system framework to deal with Information Security.
  • Develop necessary internal rules to enforce this policy (“Enforcement Rules”), including an index of procedures which process personal data.                 •
  • Check all the information assets and business processes, classify them and manage them properly.
  • Analyze threats to the information assets and business processes, their estimated probability, possible adverse impact on the Company’s business and thus identify and assess the risks associated with them.
  • Develop and monitor the measures to manage and control the identified internal and external risks (“Control Measures”) / Chances based on the aforementioned analysis and the assessment and to put them into force.
  • Maintaining and upholding the management system and ensuring the continuity of business processes in order to limit the impact of incidents on business operations
  • Take appropriate actions to enforce this policy as well as to apply Enforcement Rules to those who are not Company staff, but have an access to the information assets of the Company.
  • All Company staff must be sufficiently informed about the importance of information security and comply with all provisions of the implementing regulations and applicable legislation. All company employees are responsible for ensuring the security of their information. Each employee is required to actively participate in the implementation of the company’s security policy by ensuring that the necessary security measures are taken. Any actual or threatening breach of the regulations must be reported to the management immediately.
  • To provide the required resources and involvement to operate the ISMS and the associated business processes.
  • Supporting other relevant management roles to demonstrate as it applies to their areas of responsibility and promoting continual improvement.
  • Any non-compliance with the relevant internal goals and objectives or Enforcement Rules will be considered to be an information security incident, to which the TDE disciplinary procedures apply.

The top management takes responsibility for the improvement of quality, energy and security-related performance and for the IMS.