Information Security Objectives
Wärtsilä's information security objectives are to:
- Protect the confidentiality, integrity, and availability of Wärtsilä information, data, and IT Resources, including customer information and the personal data of its employees, customers, and business partners.
- Ensure compliance with legal and regulatory requirements related to information security and data protection.
- Communicate the importance of effective information security management and of conforming to the information security management system requirements.
- Foster and promote a culture of information security awareness and responsibility among Wärtsilä employees, contractors, partners, and other stakeholders.
- Continuously improve Wärtsilä's information security posture by identifying, assessing, and mitigating information security risks.
- Support the success of the Wärtsilä group and our valued customers.
The Wärtsilä information security objectives are regularly reviewed to ensure relevance and validity.
Policy Framework
Wärtsilä's Information Security Policy is based on the following non-exhaustive components:
- Information Security Management System (ISMS): Wärtsilä will maintain and continually improve an ISMS that is certified against the ISO 27001:2022 standard.
- Risk Management: Wärtsilä will identify, assess, and manage information security risks through a risk management process that is integrated with the ISMS and wider group risk processes.
- Compliance: Wärtsilä will comply with all applicable legal and regulatory requirements related to information security, privacy, and data protection.
- Application Security: Wärtsilä will manage its IT applications to ensure their confidentiality, integrity, and availability.
- Access Control: Wärtsilä will implement appropriate controls to ensure that only authorized persons have access to its IT Resources.
- Information Asset Management: Wärtsilä will identify and manage its information assets to ensure their confidentiality, integrity, and availability.
- Incident Management: Wärtsilä will establish and maintain an incident management process to detect, respond to and recover from information security incidents.
- Human Resources Security: Wärtsilä will ensure that all employees, contractors, and other stakeholders are aware of their information security responsibilities and that their access to Wärtsilä IT Resources is appropriate.
- Physical Security: Wärtsilä will implement appropriate physical security measures to protect its IT Resources.
- Monitoring and Review: Wärtsilä will continuously monitor and review its information security performance to ensure the effectiveness of the ISMS and to identify opportunities for improvement.
Information Security Roles and Responsibilities
The Information Security Policy is approved by the Wärtsilä Cyber Security Committee. Wärtsilä's Information Security Policy is reviewed and updated on a regular basis to ensure that it remains current and relevant to the organization's needs.
Information Security roles and responsibilities are defined, documented, and aligned between key responsibility holders.
Conclusion
Wärtsilä is committed to ensuring the security of its IT Resources and to complying with all legal and regulatory requirements related to information security and data protection. Wärtsilä is also committed to continual improvement of the information security management system.
All employees, contractors, and other relevant stakeholders are expected to comply with the policy and to report any information security incidents to the Wärtsilä Security Operations Centre.
By complying with the policy, all employees can contribute to the effectiveness of security governance and increase Wärtsilä's information security performance.