Business processes in all areas at Lufthansa are supported by appropriate IT systems. The use of IT is inseparable from risks to the availability and stability of business processes and the confidentiality of data. Our IT risk management process ensures that these risks are identified and evaluated and that the measures to reduce them are implemented as necessary. The IT systems are regularly assessed in terms of their security levels. The review is based on the criticality of the business processes as defined by those responsible for them. The assessment covers critical applications and joint infrastructures and takes a variety of potential threats into account, including system malfunctions, hacker attacks, and the theft and manipulation of data. The IT risk management process is organised on a cross-segment basis. The results are consolidated annually and discussed at Group level by the Risk Management Committee.
Any security vulnerabilities are addressed by organisational and technical measures. The Lufthansa Group’s IT security policy is permanently adjusted to conform to the latest IT security standards. An IT security organisation has been established to implement the security regulations, consisting of a corporate information security officer for the Group and information security officers for the companies. They are responsible for implementing the IT security standards in the companies and for emphasising the necessity of IT security to all staff by means of specific awareness-raising and training courses. In this way we can maintain an adequate level of IT security and guarantee that risks are reduced in an economically reasonable manner. The risk and security management systems and selected other measures are regularly reviewed by the internal audit department.
In connection with IT risk management and IT security management, data protection should protect customers, shareholders, suppliers and staff of the Lufthansa Group from any infringement of their privacy due to incorrect handling of their personal data. On the one hand, the department Corporate Data Protection ensures that the Lufthansa Group complies with the provisions of the Federal Data Protection Act by informing staff of the relevant passages of the statute and carrying out data protection audits. On the other, the data protection experts advise the operating departments on the introduction of new systems and on designing or altering processes in order to optimise and coordinate data protection and economic concerns from an early stage.