Introduction
This information security policy applies to all employees and others, who through agreement, gain access to information belonging to Fabege. Each manager is responsible for informing new employees about the contents of the current information security policy at the time of hiring. An information security plan and its instructions are available to support this policy.
Goal and strategy
The goal of the information security policy is to protect the company's information and information flows from getting into the wrong hands, or from being modified without authorisation. The is also to protect the privacy of the company and the employees. This is achieved by ensuring that the information retains its:
- Confidentiality
- Integrity (correctness)
- Accessibility
- Traceability
Laws and regulations
Laws and regulations that govern the business and its information security shall be identified and followed. Contacts with the necessary authorities shall be created where appropriate and kept up to date.
Examples of laws that have requirements for the company regarding how information is handled are:
- the General Data Protection Regulation, the Accounting Act and the Companies Act.
Threats and risks
Threats to information security can be both internal and external. Incidents can be both intentional and unintentional.
Risk analysis shall be carried out annually or at the time of major changes in the company's risk management procedures. The level of security must be adapted based on the risk analysis results and the company's risk acceptance.
Roles and responsibilities
The head of IT is responsible for Information Security issues at Fabege and it is the duty of each employee to comply with this policy. For questions and uncertainties, contact your manager or the head of IT at Fabege.
