top of page

​

asp App - Security Policy

​

AgentSphere GmbH

Rüttenscheider Str. 120

45131 Essen

info@agentsphere.de

www.agentsphere.de

 

Managing Director authorized to represent the company: Steven Hooker

VAT ID no: DE 456061304

Register number: HRB 36708

Register court: Essen

​

​

​

 

1. Purpose

 

AgentSphere GmbH recognizes that information security is essential to the trust our customers place in us and to the resilience of our operations. It is the goal of AgentSphere’s management to protect all information assets and systems in line with the principles of:

 

  • Confidentiality – Protecting information from unauthorized disclosure.

  • Integrity – Safeguarding the accuracy and completeness of information.

  • Availability – Ensuring information is accessible and usable by authorized users when needed.

 

The purpose of this policy is to manage risks and implement effective security controls against threats to our information systems and customer data, whether internal or external, deliberate or accidental. Our approach focuses on preventing and minimizing the impact of security incidents while continuously improving our processes in alignment with our business goals.

 

The CEO of AgentSphere GmbH has approved and fully supports this policy.

​

 

 

2. Scope

 

This policy applies to:

 

  • All employees of AgentSphere GmbH across all operational locations.

  • Contractors, suppliers, and third-party partners who process, access, or manage AgentSphere information assets or systems.

 

 

3. Policy

 

AgentSphere GmbH commits to the following:

 

  • Compliance: All operations will comply with relevant legislation, industry standards, and contractual obligations. We focus particularly on alignment with ISO/IEC 27001:2022 and SOC 2 (AICPA Trust Services Criteria).

  • Access Control: Appropriate technical and physical access controls are implemented and reviewed regularly based on risk.

  • Asset Management: An inventory of assets is maintained and classified according to confidentiality, integrity, and availability (CIA).

  • Risk Management: Risks are assessed regularly and managed within acceptable limits by operating an Information Security Management System (ISMS) pursuant to ISO/IEC 27001:2022.

  • Security Objectives: Defined and implemented to support business objectives and ensure continuous improvement.

  • Business Continuity: Plans are documented, tested, and maintained to ensure resilience against disruptions.

  • Training: Regular information security training and awareness programs are provided to employees.

  • Third Parties: Vendors and contractors with system access are required to comply with this policy.

 

 

4. Responsibility

 

  • The CEO of AgentSphere GmbH approves and supports the policy.

  • The Compliance & Security Manager, in cooperation with the executive team, is responsible for establishing, monitoring, and reviewing compliance with this policy.

  • All employees are required to read, understand, and comply with this policy and report any incidents (internal or external, accidental or deliberate) to the Compliance & Security Manager.

  • Managers are responsible for ensuring that contractors and third-party vendors are informed about and comply with this policy.

 

 

5. Nonconformity

 

Any nonconformity or suspected breach of this policy must be reported immediately to the Compliance & Security Manager or to a designated member of the security team.

​​

 

6. Review

 

This policy will be reviewed annually or more frequently if required to ensure ongoing alignment with organizational objectives, customer expectations, and regulatory requirements.

 

 

7. Approval

 

Approver: Steven Hooker, CEO AgentSphere GmbH

Approved Date: 23 April 2025

​

Imprint

bottom of page