General Information Security Policy

Ivelion Health GmbH is committed to protecting the confidentiality, integrity, and availability of all information assets. This policy establishes the security objectives that guide our organization:

• Protect the confidentiality, integrity, and availability of information assets owned or managed by Ivelion Health GmbH.
• Ensure compliance with all applicable legal, regulatory, and contractual requirements, including GDPR and relevant healthcare data protection standards.
• Implement and maintain a risk management framework to identify, assess, and mitigate information security risks.
• Promote a culture of security awareness among all employees, contractors, and third-party partners.
• Ensure business continuity through appropriate planning and regular testing of recovery procedures.
• Define and enforce access control policies to ensure that information is accessible only to authorized individuals.
• Maintain incident response procedures to detect, report, and respond to information security events promptly.
• Continuously improve the information security management system through regular audits, reviews, and updates.
• Protect patient data and clinical trial information with the highest level of security controls appropriate to their sensitivity.
• Ensure that all third-party service providers and partners meet our information security requirements.

Enforcement, Exceptions and Complaints

All employees and contractors are required to comply with this policy. Violations may result in disciplinary action. Exceptions to this policy must be approved by management and documented accordingly.

If you have any questions, concerns, or complaints regarding this policy or our information security practices, please contact us at alex.pieper@ivelion.com