Information Security

Our view on information security

At Centric we take information security very seriously. That is why we use the following principles:

  • Information security is a process, not a project
  • Information security is broader than IT
  • The purpose of information security is to provide adequate security of information
  • Awareness of information security is essential

Information security policy

With this vision in mind, Centric has drawn up an information security policy. This policy contains basic principles and steering mechanisms for proper information security. Our information security policy gives direction to our choices, procedures, measures, codes of conduct and work instructions related to information security.

The central objective of our policy is to ensure the reliability of the information provision within our business and the avoidance or limitation of any damage to our organization and our (services to) customers, based on a risk assessment.

Baseline information security

Our information security policy has been translated into an internal baseline information security. This baseline contains starting points and specific requirements for – technical, organizational and human-oriented – measures to protect our information and organization from threats, whether they come from inside or outside our organization.

Centric conforms to all relevant laws and regulations with respect to reliable information. In addition, we apply standards and best practices such as:

  • ISO/IEC 27001:2013 – Information Security Management Systems
  • ISO-IEC 27002:2013 – Code for information security
  • Grip-On-SSD; CIP – Method "Grip on Secure software Development (SSD)"

Within specific business units and services they also assess to whether additional measures are desirable, in addition to the baseline. In this way, measures can be taken to match the nature, context and content of specific services.

Information Security Management System

We use an Information Security Management System (ISMS) to translate security principles and risk management into measures and to implement and manage them.

Security organization

A specially appointed Corporate Information Security Officer (CISO) focuses on the implementation of and compliance to the baseline. The various business units are represented within the security organization by a Security coordinator (SC), while a Security Officer will facilitate the information security process within the system management centers for the concerned activities.

Overall coordination and governance is provided by the information Security Steering Committee, which includes a representation of the board of directors, the CISO, the Privacy Officer and the various security perspectives.


Various business units and processes within Centric are certified according to ISO27001:2013. Also, TPM / ISAE3402 statements are drawn up in consultation with various business units and processes

Attention to privacy

Of course, the privacy of individuals and the protection of personal data are given specific attention at Centric. This attention also aims to comply with the provisions of the General Data Protection Regulation (GDPR).

In our Privacy Statement we explain how we handle your personal data. Our Privacy Officer coordinates, facilitates and monitors efforts and compliance in this context. Do you have any questions regarding privacy? Mail them to privacy@centric.eu. We will reply to you as soon as possible!


All our employees are bound by a confidentiality statement regarding confidential information that they obtain during their employment contract.

Information Security Awareness

To achieve an adequate level of security, information security awareness is essential to both management and employees. We therefore pay a lot of attention to this.

Want to know more?

Do you want to know more about how Centric protects your data? Please contact your contact person within Centric or mail to security@centric.eu.