Information Security
1. Information Security at WMS engineering GmbH
The protection of information is our highest priority. If you identify an information security incident or suspect a security-relevant impairment, please report it immediately.
2. What Constitutes an Information Security Incident
An incident may be anything indicating a potential threat to the information security of WMS engineering GmbH. This includes obvious security-critical events, as well as suspicions or unusual occurrences that come to your attention. Please report all observations that may indicate possible misuse or a vulnerability so that we can promptly assess the situation and, if necessary, take appropriate measures.
Possible examples of an incident (non-exhaustive list):
- Unauthorized access to systems or data
- Suspected phishing or other attack attempts
- Loss or theft of devices / information belonging to glacier ac GmbH
- Technical malfunctions with security-critical impacts on data of WMS engineering GmbH
3. Contact Options
WMS engineering GmbH
Jahnstraße 1
79771 Klettgau-Grießen
Phone +49 7742 85757-0
E-Mail: isb@wms-engineering.de
Requirements for Compliance with Information Security During Cooperation with Suppliers
1. General
This document describes the fundamental handling of information security for suppliers, the handling of sub-suppliers, and the IT security regulations to be observed when using information and IT devices (e.g. desktop computers, notebooks, smartphones, tablets) for suppliers of WMS engineering GmbH.
These requirements apply to the management of our suppliers, their employees, and their agents/subcontractors (hereinafter referred to as “Contractors”).
Management is obliged to independently pass this document on to its employees, agents, and, where applicable, any sub-suppliers.
2. Exchange of Information
During all discussions involving confidential or secret information of WMS engineering GmbH, including telephone conversations, care must be taken to ensure that unauthorized persons cannot overhear them.
All necessary and appropriate precautions (e.g. encryption) must be taken to protect information during transport against inspection, alteration, and deletion by unauthorized persons (including family members and friends).
3. Physical Transport of Media
As a general rule, media containing information of WMS engineering GmbH must be protected against unauthorized access, misuse, or manipulation during transport, including across organizational boundaries.
All necessary and appropriate precautions (e.g. encryption) must be taken to protect information during transport against inspection, alteration, and deletion by unauthorized persons (including family members and friends). Data carriers must be transported concealed from view. Data carriers containing secret information must always be escorted and transported by an employee of the supplier/contractor. Documents must be transported protected from view, e.g. in a non-transparent folder.
4. Physical Transport of Notebooks
Notebooks containing information of WMS engineering GmbH must be transported in such a way that they are not visible from the outside. Furthermore, when used in public, care must be taken to ensure that no third parties can read information displayed on the screen and/or spy on the entry of confidential authentication information.
5. Handling of Information Security Incidents and Communication
Serious information security incidents (e.g. malfunctions, loss of data, unlawful actions, cybercrime attacks) must be reported immediately to the Information Security Contact at isb@wms-engineering.de or by phone at +49 (0) 7742 85757-0. Any suspected loss of confidential or secret information must also be reported to the Information Security Contact.
6. Audit Rights Regarding Information Security
The supplier/contractor grants WMS engineering GmbH the right, exercisable at any time after prior notice, to inspect and review all data relating to business transactions concerning information security between the supplier/contractor and WMS engineering GmbH, as well as to review IT and data security measures.
Employees of WMS engineering GmbH or third parties commissioned by WMS engineering GmbH may enter the supplier’s/contractor’s premises during normal business hours for this purpose. The supplier/contractor shall bear the costs of the inspection if violations of information security and/or agreements relating to the respective assignment are identified, unless such violations are not attributable to fault on the part of the contractor.
7. Confidentiality Agreement Between the Supplier/Contractor and Its Employees
The supplier/contractor of WMS engineering GmbH undertakes to conclude a confidentiality agreement (either separately or as part of the employment contract) with all employees who receive or may access information of WMS engineering GmbH during the course of the cooperation. Proof of compliance is the responsibility of the supplier/contractor and must be provided to WMS engineering GmbH at any time upon request.
8. Subcontractors
If the supplier/contractor commissions additional subcontractors, it bears full responsibility for passing on and implementing all information security-related requirements. The supplier is obliged to ensure that the subcontractor complies with these requirements.
Upon request by WMS engineering GmbH, the supplier must provide evidence of compliance with the requirements.
In the event of demonstrably serious breaches of duty or substantial misconduct by the subcontractor or its agents, WMS engineering GmbH reserves the right to reject the subcontractor.
In addition, WMS engineering GmbH may terminate the contract extraordinarily for good cause and/or assert claims for damages.
9. Compliance with Information Security (Supply Chain)
When commissioning subcontractors, the supplier/contractor must ensure that the requirements of WMS engineering GmbH regarding compliance with information security are also observed by the subcontractor. This also includes the conclusion of confidentiality agreements with sub-suppliers. Proof of compliance is the responsibility of the supplier/contractor and must be provided to WMS engineering GmbH at any time upon request.
If the supplier/contractor is authorized to issue subcontracts, it shall bear full liability for them, irrespective of any contractual or statutory limitations or exclusions of liability relating thereto.
Whistleblower Protection Act
1. Reporting Information Under the Whistleblower Protection Act
Do you have knowledge of possible violations or concerning activities at WMS engineering GmbH? Are you an employee, intern, freelancer, contractor, business partner, or supplier? Then we encourage you to report your concern. Your voice matters to us.
2. Secure and Confidential
We guarantee that your identity will remain protected and that your information will be treated confidentially. In accordance with the Whistleblower Protection Act, we assure you that no retaliatory measures will be taken against you. We encourage you to provide your name so that we can give you feedback regarding the reported information. All reports concerning WMS engineering GmbH are externally reviewed and processed by a neutral body. This ensures that there are no conflicts of interest in the handling of reports.
3. Reporting Violations
How to Submit a Report
- By email: hinweis@wvib.de. You may submit your report anonymously or provide contact details.
- By telephone: For those who prefer to submit reports by phone. Telephone: +49 761 4567-444.
What Violations Can You Report?
The Whistleblower Protection Act is intended to protect you if you report certain misconduct at WMS engineering GmbH. The following types of violations may be reported:
- Financial irregularities: fraud, corruption, embezzlement, financial manipulation.
- Violations punishable by a fine: These include breaches of rules that are particularly important for the safety and well-being of employees. Examples include:
  - Violations of occupational health and safety regulations.
  - Non-compliance with the Minimum Wage Act.
- Violations of criminal law: If you become aware that laws are being broken within the company, you can and should report this. This includes all forms of criminal offences under German law.
Important to know: If issues do not constitute a criminal offence or an administrative offence punishable by a fine, they generally do not fall under the Whistleblower Protection Act. This means that in such cases, the law does not provide special protection for reporting.
What Happens After Your Report?
Confirmation: When submitting a report by email, you will receive an automatic confirmation from the system that your report has been received.
Investigation: Every report is taken seriously. If necessary, an internal investigation will be initiated.
Feedback: Within a reasonable period of no more than 3 months, you will be informed about the progress and outcome of the investigation. This is only possible if you have provided your contact details when submitting the report.