Information Security Policy
Informationsteknik Scandinavia AB shall conduct systematic, continuous and risk-based information security work with the support of a management system. This shall reflect the needs of the business and guide all handling of information for which Informationsteknik is responsible. We shall achieve a high level of information security by:
- Information security is conducted in line with the business direction with regular evaluation and continuous development.
- Our information assets are known, classified, documented, monitored and appropriately protected.
- Risks and threats to our information are continuously identified, classified, evaluated and addressed.
- Our information will always be available when we need it (availability). Our Information shall be accurate, not tampered with or destroyed (accuracy). Only authorised persons shall have access to our Information (confidentiality).
- Information on how to handle our information must be available to all employees.
- Managers and employees must undergo relevant training in information security.
- There must be the possibility to report deviations, incidents and improvements. Procedures for this must be well known by all employees and other interested parties.
- We shall enable a rapid return to normal operations if an adverse event occurs by having functioning processes and procedures for identifying, reporting, assessing, documenting and managing incidents.
This policy provides the Company's direction and support for managing the Company's information in a systematic and information-safe manner. The policy applies to all Company personnel, both employees and consultants.
Approved by: Patrik Camp, CEO / 151116