Data security audit at target

News
target software

The independent auditor confirms that target has implemented the data security requirements.

Data privacy is of major importance for all target employees. As a contractor of project and maintenance services, we come into contact with personal data in many cases. In the terminology of the General Data Protection Regulation (GDPR), this thus makes us processors.

We wish to, and need to, ensure a high degree of data security when processing personal data, in order to preserve the trust placed in us by our customers.

Through regular, mandatory training seminars, all target employees have been sensitised to the topic of “data security”. We are, moreover, subjected, by an independent office, to an annual audit, to check whether the required standards are being met. The provisional audit that took place last time, in July 2019, was positive, and conveyed to us by way of the respective certificate that the requirements were being met.

Among the topics audited were the technical organisational measures detailed for the sub-fields of admission and entry control, access control, data carrier control, user control, transmission control and input control, availability, integrity, assignment control and encryption.

In consultation with our Data Protection Officers, measures were established for each of the sub-fields of data security mentioned, and these were then implemented. Here are one or two examples: all monitors are switched over to a dark screen when work is interrupted; in sensitive areas they have been equipped with privacy film. A password policy has been implemented. Admission control is carried out via a role-based admission authorisation system. Comprehensive directories of procedures define procedural content, authorisations and erasure deadlines in the individual case. All data on laptops and mobile data carriers is encrypted using Bitlocker. The use of access to customer systems is strictly regulated: A dedicated login is available to each authorised project participant, so as to guarantee access control, user control and input control.

The measures are, as per the GDPR, always to be adapted to the state of the art. The topic of “data security” is therefore constantly on the agenda at target. A new measure has already been implemented since the last audit. In the field of access control, we have introduced multiple factor authentication. To access the system, in addition to entering their user name and password employees now also need to grant consent in the authenticator app on their smartphone.

Further measures have been identified, and have already been drafted. Precisely in line with our motto, “... and we continue to give of our best”, these are continually being implemented in the run-up to the next audit.

Back
target top
This Website uses Cookies

We store technically necessary cookies, without which the operation of the site is not possible. In order to provide you with a better user experience on our website, we would also like to evaluate anonymous analysis data. Which tools we use for this purpose and further information can be found in our Privacy Policy and in our Legal Notice.

Accept technically required cookies only

On our website you will find interesting videos and maps hosted on Youtube/googleMaps. The videos and maps are used without a cookie, but data is still loaded from google servers, which means that your surfing behaviour can be recorded by Google.

Name Google Analytics
Provider Google LLC
Usage Cookie from Google for website analysis. Generates statistical and anonymous data about how the visitor uses the site.
Privacy policies.google.com/privacy
Cookie Name _ga,_gat,_gid
Cookie Runtime 14 Month