Information security protects the information that is entrusted to us, both as a company and as individuals. Getting information security wrong, or ignoring it, can have significant adverse impacts on all of us, on our customers, on our reputation and, in the end, on our finances.
By having a well-established Information Security Management System (ISMS), we can:
• provide assurances for our legal, regulatory, and contractual obligations,
• implement the processes and risk assessments required by ISO/IEC 27001:2013 (commonly referred to as ISO 27001),
• ensure the right people have the right access to the right data and systems at the right time,
• provide protection of personal data as mandated by the GDPR and local data privacy laws,
• ensure business continuity and
• minimize risk of damage.
Information Security Principles
• Information security is managed on the basis of risk, legal and regulatory requirements, and business needs.
• Every individual in the company is essential to a successful information security programme.
• A successful information security programme is also not possible without strong commitment from company leadership.
• Compliance with the information security policies, and with the standards, procedures and guidelines that support them, is mandatory.
Information Security Pillars
The main pillars of information security are:
• Confidentiality: Information is only accessible to those with appropriate authority.
This covers all the effort needed to keep information secret or private. Access to information must be controlled so that it cannot be shared with unauthorized parties, whether intentionally or accidentally. A key part of maintaining confidentiality is ensuring that people without the proper authorization are prevented from accessing the assets that hold it.
• Integrity: information is accurate and complete.
This covers ensuring that information is trustworthy and has not been tampered with: it may only be created, changed or deleted by authorized parties, and unauthorized changes must be detectable. The integrity of information is maintained only if it is authentic, accurate and reliable.
• Availability: information is available when it is needed.
Even if confidentiality and integrity are maintained, information is of little use unless it is available to those who need it. This means that systems, networks and applications must function as they should, when they should. Individuals with access to specific information must be able to use it when they need to, and obtaining it should not take an inordinate amount of time.
Information Security Objectives
• We want to protect our organization’s information assets against all internal, external, deliberate or accidental threats.
• We want to make information security and data protection part of our engineering culture and everyday operations, which we achieve through effective training and awareness.
• We want to provide the resources required to develop, implement, and continually improve the information security management system.
• We want to ensure that legislative and regulatory requirements are met.
• We want to effectively manage third-party suppliers who process, store or transmit our information, in order to reduce and manage the associated information security risks.