Not only our environment, people and our economy are resources that need to be protected. Our knowledge, which is increasingly digitalised today, is also worth protecting for Baloise and can offer social added value for sustainable development through participation.
Digital sustainability is a concept aimed at the longevity of digital artefacts such as software. It explains why open source licenses are necessary, but not sufficient, to be sustainable in the long run. Sustainable digital artifacts must meet basic conditions (only in German) for the digital good and its ecosystem.
Digitisation allows knowledge, data and software to be freely distributed and used. Baloise therefore promotes the use, contribution and release of so-called open source software, which is freely available to the public. This gives Baloise the opportunity to share its knowledge with society, exchange ideas, drive innovation and extend the benefits of digitisation for society.
Within Baloise, only a few but specific rules apply to the handling of open source software. The security of our customer data has top priority. A central design principle is the separation of code and data (Separation of Concerns). This means that customer data is not part of open source publications. In general, the Baloise Open Source Guidelines and our Code of Conduct apply. An open source team has been set up as a contact for this topic, which is available to help Baloise employees with questions and uncertainties.
Information security deals with confidentiality, integrity and availability of all business-related data and information. IT compliances focuses on the regulatory and statutory requirements faced by modern IT.
In times of every-growing cyber risks and tougher privacy policies, Baloise makes this field a priority. Baloise sees information security as a key factor for the digital transformation and an essential part of becoming the trusted choice for customers and employees who simply want to feel safe.
More specifically, this involves promoting security experts within Baloise and continuously improving employees’ awareness. In this case, our focus is not only on internal company information, but also our customer’s data and information.
Our knowledge in the field of information security and digitalisation also aims to provide a social benefit. This is why we started the Baloise Digital Pathfinders (available in German only) and have been offering our expertise on a voluntary basis at various events and talks since 2016. The topic of information security is explored in a more targeted manner there.
The establishment of an information security governance framework within Baloise ensures that the Group-wide approach to information security supports corporate governance standards. In addition, implementing an information security assurance program will help ensure a structured, business-based and risk-focused, continuously improved approach to information security management throughout the Group.
In doing so, we rely on the following principles of our information security strategy:
- Risk-based approach
Security investments are made based on analyzed threats, vulnerabilities, criticality of data and potential damage.
- Integrative Security
When developing new solutions, security and data protection are considered from the very beginning. This is how we develop and operate secure services and platforms.
- Framework conditions for security
The implementation of security controls is based on best practices, which allows for comparability with the peer group.
- IT Compliance
We understand our legal and regulatory environment and proactively help to ensure efficient compliance.
- Safety culture
Baloise fosters a culture of self-responsibility. We promote a safety-conscious culture through awareness and education training.