Information Security and Quality Policy of the
NORTH-TEC Group

Information Security Policy

Information security is a top priority at NORTH-TEC Maschinenbau GmbH. We protect all information critical to our business operations against unauthorized access, loss, alteration, and misuse.

  • Confidentiality: Information classified as confidential is protected through appropriate technical and organizational measures. Customer data, business information, and internal company data are handled with strict confidentiality.
  • Integrity: We ensure that all stored and transmitted information remains accurate, complete, and unaltered. Data integrity is safeguarded through validation, verification, and monitoring mechanisms.
  • Availability: Our IT systems, networks, and applications are designed to always be available to support uninterrupted business operations. Emergency response plans and regular data backups are integral parts of our security concept to minimize downtime.
  • Risk Management: Information security risks are continuously identified, assessed, and mitigated. This includes regular risk analyses and the implementation of appropriate safeguards to detect and address threats at an early stage.
  • Access Control: We apply strict access management policies to govern user rights and system access. Sensitive information and systems are accessible only to authorized personnel.
  • Training and Awareness: All employees receive regular training on information security and are made aware of potential risks such as phishing and social engineering. Secure handling of information is a fundamental part of our corporate culture.
  • Compliance and Legal Requirements: We comply with all applicable laws and regulations related to information security, including the EU General Data Protection Regulation (GDPR) and relevant industry standards such as ISO/IEC 27001.

Quality Policy

The NORTH-TEC Group has established a quality policy that aligns with the purpose and strategic context of the company. This policy provides a framework for defining and reviewing quality objectives, while committing to customer satisfaction, regulatory compliance, and the continuous improvement of our management system.

  • Customer Focus: As a company, we are committed to understanding current and future customer needs, meeting defined requirements, and striving to exceed expectations.

  • Leadership: Management is committed to creating and maintaining an environment in which employees can actively contribute to achieving organizational goals.

  • Employee Engagement: We recognize that our employees are the foundation of our success. Full engagement enables the effective use of their skills for the benefit of the organization.

  • Process-Based Approach: We understand that desired results are achieved more efficiently when activities and related resources are managed as structured and interconnected processes.

  • Improvement: Continuous improvement of all aspects of the management system is a core objective and a key annual priority.

  • Evidence-Based Decision Making: We are committed to making decisions related to the management system only after careful analysis of all relevant data and information.

  • Relationship Management: The NORTH-TEC – Group recognizes that relationships with interested parties are interdependent. Mutually beneficial relationships enhance the capabilities of all parties and create added value.

This policy also encompasses our responsibility to meet the expectations of all relevant stakeholders, as well as our social, environmental, charitable, regulatory, and legal obligations.

Overall Responsibility

Overall responsibility for the Information Security Management System (ISMS) lies with the executive management. It ensures the availability of necessary resources and actively supports the required processes and structures. It is also committed to maintaining long-term awareness of both quality management and information security across the organization.

Scope of the ISMS

The scope of the ISMS includes all processes and services of the NORTH-TEC Group that are directly or indirectly related to the provision of customer services.

Responsibilities and Continuous Improvement

Executive management holds overall accountability for these policies. Managers ensure their implementation and compliance within their respective responsibilities.

  • Regular Reviews: Our quality and information security policies are reviewed at regular intervals and updated as necessary to reflect changing requirements and technological advancements.
  • Reporting: The status of quality and information security is reported on a regular basis. Deviations from defined objectives are analyzed, and corrective measures are implemented.
  • Commitment to Continuous Improvement: We are committed to continuously improving the quality of our products and services, as well as our security standards. This is achieved through structured feedback processes, innovation, and the active involvement of all employees.

NORTH-TEC Maschinenbau GmbH is committed to implementing this Quality and Information Security Policy across all areas of the company. We view quality and information security not only as compliance requirements, but as opportunities to build trust, reduce risk, and ensure long-term success.

Certificate

ISO 9001:2015 Quality management system

View German Certificate
Certificate

ISO/IEC 27001:2013 Information Security Management System

View German Certificate