GĂĄ til indhold
Dansk
Kundeportal
Woba Analytics
  • Der er ingen forslag, da søgefeltet er tomt.

🟢 Information Security Policy 20.11.2024

Last updated 20.November 2024

1. Purpose

The purpose of this information security policy is to establish the framework for information security work in Woba. Furthermore, the policy aims to create a common understanding of what information security entails, including defining objectives and responsibilities for information security work in Woba.

2. Definitions

Information security is understood as the protection of all assets involved in or contributing to the processing of data, both electronically and physically. Protection encompasses all relevant measures; including measures related to organizational processes, individual behavior, physical environments, and technology. Data refers to all information related to Woba's business operations; including the development, delivery, and servicing of solutions/products to customers and potential customers, as well as information related to employees, etc. in Woba.

3. Scope

The policy applies to all of Woba's business operations, including all employees, etc., and all use of systems, etc., used by Woba.

4. Objectives

Woba considers information security work a quality element that supports the credibility of the product offered by Woba. This is reflected in Woba's efforts to ensure a high level of security that continuously reflects its contextual development. Woba strives to achieve the following certifications/declarations:

ISAE-3000

Woba strives to promote a good information security culture based on a mindset that a high level of information security is a crucial competitive parameter in a digitalized world.

Woba wishes to communicate this message to both employees and customers, which should be expressed through a strong awareness campaign and through general communication. Information security work in Woba must be based on applicable legislation and recognized standards in information security. This must be reflected in the level of information security in Woba, which must comply with the requirements that can be derived therefrom. The level of security in Woba must at all times reflect the fact that Woba complies with the agreements that Woba has entered into with its customers regarding the security of the processing of their data. The level of security in Woba must be determined on the basis of risk assessments that take into account the current threat landscape. The level of security in Woba must also ensure a high degree of confidentiality, integrity, and availability:

â—Ź Confidentiality: Data may only be accessible in relevant systems and to those persons who, based on a necessity assessment, have been granted access. The data must be handled confidentially within these frameworks.

â—Ź Integrity: Systems, including IT systems used as part of business operations, must be reliable and function correctly. It must also be ensured that the data basis is both reliable and trustworthy.

â—Ź Availability: Woba systems must be available 24/7 to the extent that this is possible, taking into account the maintenance of the systems in question, etc. The systems must be subject to the necessary security measures to ensure availability (as well as confidentiality and integrity). An IT contingency plan must also be maintained to ensure that normal operation of business systems can be re-established within 24 hours if availability is temporarily lost.

5. Responsibility

Management in Woba has overall responsibility for ensuring that Woba complies with the objectives of this policy. The day-to-day management of information security work is carried out by the internal compliance team For each system used in Woba, one or more system administrators have been designated who are responsible for information security in relation to the individual system. Each employee is responsible for performing their work in accordance with this policy and for following the guidelines, etc., that arise from this policy. Each employee is also obliged to notify management of any breaches of information security or suspicion thereof.

6. Follow-up

This policy, as well as the guidelines, policies, and procedures that arise from it, is reviewed and approved once a year by the management of Woba in cooperation with the company's internal compliance team.

Any changes to this policy or the guidelines, policies, and procedures that arise from it must be made in compliance with the obligations that Woba has based on concluded contracts, data processor agreements, etc.

The level of security is continuously assessed by the company's internal compliance team in cooperation with the company's IT department to the extent necessary to comply with the objectives of this policy.

7. Violation

Violation of this information security policy or supporting guidelines, policies, or procedures may have employment law consequences.

8. Exceptions

This policy may be deviated from if management deems it necessary for business operations. Deviations from this policy must be specifically justified and documented. Management must strive to avoid deviations as much as possible.

9. Supporting Guidelines, Policies, and Procedures

Woba maintains a register of current guidelines, policies, and procedures that arise from this policy.

10. Documentation

Woba documents its work on information security and compliance with data protection regulations on the Woba site in Wired Relations.

11. Contact

Questions regarding Woba's work on information security and data protection can be directed to the company's internal compliance team.

Contact: Peter Engel Møller mail: pm@woba.io Phone +45 28408820