Data Erasure

Information security policy GPEX

GPEX is a trade organization focused on the export of used copiers. The provision of information is crucial to deliver the services of GPEX. The information security management system includes the security of the logistics, sales, purchasing and administrative business processes in the trade in used copiers.  

The objectives of information security are:

– Ensuring the continuity of GPEX business operations in case of calamities during Mon-Sat 07.00 – 21.00 hours.

– Identification, assessment, treatment and reduction of the risks in the provision of information.

– In collaboration, use the automated solutions of suppliers for optimal business operations and good information security.  

– The correct application of the information security management system ISMS. 

Information Security Management System (ISMS)

Information security is a continuous process of setting and enforcing the right procedures en risk improvement plans. The security must comply with the relevant laws and regulations; in particular the privacy legislation (GDPR). Rules of conduct and procedures are laid down in the company regulations. The management requires the employees to take note of the company regulations and procedures and to strictly follow them. Procedures are adapted annually to the changed environment, to the state of the art and the available resources. 

GPEX removes information from the copiers in accordance with the agreements with the client. Information removed from the copiers should not be processed or reused in any way. Employees are required to handle this confidentially. 

In order to run its business efficiently and effectively, GPEX prefers to use third-party SaaS solutions with adequate backup processes. Access to the systems is preferably secured with a two-step authorization and a password manager. Incidents related to.b regarding the security of the information provision of GPEX, the responsible party handles with escalation to the security officer and management. Necessary cryptographic measures have been outsourced. Customers and suppliers do not have direct access to GPEX’s automated systems. 

 The information security policy and the risk assessment criteria are assessed each year by the management and updated on the basis of the growing context of the organization. Every quarter, the management is informed about the state of information security. Improvements and adjustments in procedures and/or measures, resources are included. The management system is based on the international standard for information security; GPEX B.V. has an up-to-date ISO 27001 certificate.