Exact takes information security, including personal data related security, very seriously. We have installed dedicated operational processes to manage it, appointed dedicated security staff and installed an internal reporting mechanism to facilitate proper decision making in case of incidents.
Obviously, we are committed to comply to the relevant legislation, such as the Dutch Data Protection Act. A key mechanism in managing information security is our Compliance Committee, in which we discuss security incidents, after being detected and analyzed by our Corporate Information Security Officer. The Compliance Committee consists of the heads of Legal Affairs, Global HR and Risk & Internal Audit and is chaired by the CFO; when needed, this committee can and will act immediately.
We are convinced that transparency on the quality of service we deliver is key. And therefore, we have chosen to voluntarily publish important security incidents we have encountered. In our vision security incidents will always happen; key is how often they occur and how you deal with them.
This section lists the three most recent security incidents that have been discussed in the Compliance Committee; these are incidents that we assessed as being important, or incidents for which we didn’t yet know how to classify them, since we never encountered them before. The incidents have been anonymized, but they provide an insight in which type of incidents has occurred, the severity and the actions taken. We trust this section shows that we take security and data privacy very seriously and strive to be exemplary in this field as well.18 January 2017 - Opportunity modification data