This page presents ista’s security organization and security measures. For maximum transparency, it also includes certificates, an overview of policies and procedures, and important downloads.
ista SE is one of the leading energy service providers with headquarters in Essen, Germany, and more than 6000 employees working in over 20 countries. In this strongly regulated sector with its high requirements for the security of systems and processes, ista has specialized in the recording and billing of energy consumption data and in contributing to the improvement of energy efficiency of buildings. This is how ista supports housing associations, property managers, private landlords and commercial and industrial companies on their way to making buildings more climate-friendly and future-proof.
Constantly striving to fulfil this claim, ista places a strong focus on the security of information, processes and services. The company’s information security policy aims to ensure the confidentiality, integrity and availability of information and of the entirety of systems and processes. It is at the core of ista’s security objectives and controls and ensures compliance with all relevant legal, regulatory and contractual provisions.
The security of information, processes and services is decisive for long-term success. ista’s information security policy ensures compliance with all relevant legal and contractual provisions.
ista uses Panorays as a service provider to assess its Cyber Posture Rating. The rating is updated here in the trust centre once a quarter.
The company’s information security organization is integrated into the international company structure across departments and disciplines. It supports departments with targeted advice on specialist topics, issues guidelines on information, IT and cyber security and organises specific training.
All data center capacities of ista SE are located in Germany and are ISO/IEC 27001 certified. ista also rents Azure cloud capacities. ista SE itself does not operate any data centers.
The internal service providers ista Customer Service Poland and ista Technologies Poland sp. z o.o. are also ISO 27001 certified.
ista operates a Coordinated Vulnerability Disclosure Programme (CVDP).
Find out more about ista’s CVDP
ista ensures transparency and minimum effort. The ISO/IEC 27001:2022-based self-assessment and the CIS assessment provide a first overview of the security organization and security measures.
ista supports your Vendor Risk Management with an efficient process that minimizes effort and promotes trust and transparency. An ISO/IEC 27001:2022-based questionnaire complements the Cyber Posture Rating and provides a basic overview of the security controls and the security organization.
CIS Controls set the baseline for performance and level of maturity of IT and cyber security at ista. External service providers review and document the implementation on a yearly basis.
Guidelines and process instructions on information security are documented in the form of policies and procedures which are binding for the entire ista Group. The documents are created, designed and structured based on common standards of information and IT security and in accordance with compliance requirements.
ista has established a holistic information security framework which defines clear guidelines and processes for the security of information, systems and digital infrastructure. This framework ensures compliance with the highest security standards and creates a reliable basis for secure operations and the continuous development of the company.
The protection of personal data is of high importance to us at ista. Our data protection measures comply with the requirements of both the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) to protect the rights of our customers.