Integrated Management System
Structured management. Sustainable growth.
Ensuring an effective Management System
At STRABAG Infrastructure & Safety Solutions, we live an Integrated Management System, which is ensured by our certifications in the following areas:
- ISO 9001 (Quality)
- ISO 14001 (Environment)
- ISO 27001 (Information Security)
- ISO 45001 (Occupational Health and Safety)
- ISO 50001 (Energy efficiency in the workplace)
- IRIS (International Railway Industry Standard)
Continuous improvement as a guideline
Our Management System supports us in this:
- Ensuring the quality of our processes, services and products
- Actively working to improve our energy and environmental performance
- Ensuring and protecting the safety and health of our employees, subcontractors and fellow human beings as one of our greatest assets
- Achieving our information security goals
Continuous improvement is our guiding principle: both for us as an organization and for our customers and partners.
Our Policies
At STRABAG Infrastructure & Safety Solutions, we are committed to complying with group-wide requirements and, in line with our motto “WORK ON PROGRESS”, pursuing these goals within our business units.
Representing the many policies that form the foundation of our Integrated Management System, we would like to highlight two of them in particular:
First, our Environmental and Energy Policy, which reflects our ecological responsibility as part of a globally active group; and second, our Information Security Policy, because for us as a communications and security company - especially in the field of critical infrastructures - data protection and confidentiality are far more than just buzzwords.
Here you will find the group-wide policies in the area of ESG (Environment, Social & Governance) as well as all information on the STRABAG Sustainability Strategy.
Environmental and Energy Policy
Information Security Policy
Information security is of fundamental importance to us. Our aim is to achieve a security level that meets our information protection needs through the appropriate application of organizational, personnel, infrastructural, and technical security measures.
Objectives of the Information Security Policy
- IS-1 Compliance with legal, regulatory and contractual requirements relating to the security of information and information technology.
- IS-2 Ensuring continuity and consistency of operations within the scope of certification.
- IS-3 Maintaining the value invested in technology, information, work processes and knowledge and safeguarding the value of the information processed.
- IS-4 Avoidance of financial and non-material damage.
All information that is generated, processed, stored or transmitted within the scope of application and all IT systems are included in the target achievement.
Principles of the Information Security Policy
In accordance with the security objectives in information security, the following principles are taken into account:
- Confidentiality
  Confidentiality is the protection against unauthorized disclosure of information. Protective measures are therefore introduced and operated to prevent unauthorized access.
- Integrity
  The loss of integrity of information means that it has been altered without authorization, information about the author has been falsified or the time of creation has been manipulated. Protective measures are therefore introduced and operated to prevent unauthorized changes.
- Availability
  The availability of services, functions of an IT system, IT applications or IT networks or even information is ensured if users can always use them as intended. Protective measures are therefore introduced and operated to ensure the continuity of assets, existing information and the associated business processes at all times.
- Security before availability
  If attacks on the integrity, availability or confidentiality of IT systems or networks are imminent, become known or other security risks arise, the availability of IT systems, data and networks may be restricted in accordance with the risk of threat and damage. Further restrictions in operation and convenience must be accepted.
- Maximum principle
  It must be ensured that state-of-the-art protective measures are taken to protect assets, data and information as well as the availability of IT systems from risks in the best possible way - including through preventive measures.
- Minimum principle of data storage and restrictive use
  If attacks on the integrity, availability or confidentiality of IT systems or networks are imminent, become known or other security risks arise, the availability of IT systems, data and networks may be restricted in accordance with the risk of threat and damage. Further restrictions in operation and convenience must be accepted.
- Principle of the informed employee
  Information security affects all internal and external IT users without exception. Raising awareness and educating employees about information security and providing them with the necessary training is therefore a basic prerequisite for information security. The security measures and concepts must be kept transparent and understandable for the respective IT user.
- Responsibility
  Each individual must avoid damage within his or her area of activity by acting responsibly and security-consciously and support the measures to safeguard information security to the best of his or her ability.
- Effective action in the event of information security incidents and emergencies
  Disruptions to information infrastructures and threats to data and information require fast and effective responses in order to minimize consequential damage. Timely detection of threats and prepared and tested countermeasures to known threats should prevent or minimize any negative impact on assets. It is therefore necessary to design, document and practice the handling of information security incidents in advance. Ongoing precautions must be taken to limit damage in the event of an emergency.
Certificates
ISO 9001 Certificate
ISO 14001 Certificate
ISO 27001 Certificate
ISO 45001 Certificate
ISO 50001 Certificate
IRIS Certificate