HOCHTIEF
ESRS disclosure: BP-2_25
- Has your organization utilized the phase-in provisions as outlined in Appendix C of ESRS 1, specifically regarding the omission of information required by ESRS E4, ESRS S1, ESRS S2, ESRS S3, or ESRS S4, due to not exceeding an average of 750 employees on the balance sheet date during the financial year? If so, confirm whether the sustainability topics covered by these standards have been assessed as material through your materiality assessment. For each topic deemed material, provide a concise description of the policies your organization has implemented in relation to these matters.
Question Id: BP-2_25
Cybersecurity is part of our IT strategy and is embedded in our IT Directive by way of the Information Security Policy. The policy approach is likewise publicly documented in our information security guidelines. These frameworks have been approved by the Executive Board of HOCHTIEF Aktiengesellschaft. They are mandatory throughout the Group and their implementation is binding for all HOCHTIEF companies. During implementation of its policies/actions, HOCHTIEF takes into account the requirements of ISO 27001 and thus of a structured information security management system (ISMS). The policies and actions are continuously fine-tuned in consultation with the relevant stakeholders (such as our own workforce, business partners, and clients). To this end, positions, committees (such as the IT Steering Committee), and processes (such as for exception requests and concept approval requests) have been established to ensure that all requirements (relating, for example, to operations, investment spending, or information security) are addressed in a structured manner, taking the material impacts into account.
Report Date: 4Q2024
Relevance: 20%