IT SECURITY POLICY

Read about how we approach IT security and how we protect information, our systems and our digital assets. This policy sets out the principles governing the secure use of IT and how we prevent, manage and monitor security risks.

OUR APPROACH TO IT SECURITY

Protecting the organisation's information, IT systems and digital assets is a priority. IT security is an integral part of our operations and includes how information is managed, stored and shared in a secure, lawful and efficient manner.

The IT security policy applies to everyone who uses the company’s IT resources, including employees, consultants and business partners.

RESPONSIBILITIES AND WORKING METHODS

IT security work is based on defined roles and responsibilities. Management has overall responsibility for IT security and ensures that the necessary resources are in place. IT managers are responsible for the operation, updates and protection of systems, as well as providing support and training to the organisation. All employees are responsible for using IT systems securely and adhering to the guidelines.

We comply with current laws and internal guidelines and work actively to prevent security risks and manage incidents in a structured manner. Knowledge and awareness are an important part of IT security. Therefore, employees receive regular training to enable them to identify risks and act securely in their daily work.

PROTECTION OF INFORMATION AND SYSTEMS

We work to ensure that information and systems are protected against unauthorised access, loss and misuse. This means, among other things, that access to systems is restricted to authorised users, that sensitive information is protected through measures such as encryption, and that regular backups are carried out.

Systems and software are kept up to date to reduce vulnerabilities, and we apply the principle of least privilege to further strengthen security.

SAFE USE OF IT RESOURCES

IT resources, such as email and the internet, are to be used primarily for work-related purposes and must be managed responsibly. Equipment such as computers and mobile phones must be protected with secure login credentials, and any loss or theft must be reported immediately.

Only approved systems and storage solutions are used for the company’s data.

INCIDENT MANAGEMENT

All security incidents, such as suspected breaches, viruses or loss of equipment, must be reported immediately. By acting quickly, we limit the consequences and can take the necessary measures.

Incidents are analysed, documented and followed up to strengthen our preventive work and reduce the risk of similar incidents occurring again.

ARTIFICIAL INTELLIGENCE

The use of artificial intelligence within the organisation must be carried out in a safe and responsible manner. AI solutions must be transparent, comply with applicable legislation and must not compromise the security or integrity of the organisation's information.

Only approved AI systems may be used. Data used in AI-related contexts must be protected, for example through anonymisation or encryption. Risks associated with AI are analysed and monitored, and its use must be consistent with the company’s values.

MONITORING AND IMPROVEMENT

Our IT security work is regularly reviewed to ensure that the policy remains up to date and effective. By continuously updating and adapting to new threats and technological changes, we develop our approach over time.