Information Security Policy

purpose

According to the Law on Data Protection and Processing of Personal Data no. 90/2018, Savings must ensure the adequate security of personal data. This information security policy outlines the company's focus on the importance of that obligation. The company must protect personal data from all threats, both internal and external, and applies only whether those threats are intentional or negligent. Through this policy, employees, customers and others can rely on Savings's intent to safeguard the security of personal information, including confidentiality, accuracy and availability.

Extent

This information security policy covers the access and storage of all personal data held by Savings. It covers the internal operations of the company and the services provided by Savings to its customers on shared or dedicated equipment, as well as all internal systems, mind and hardware owned and under the full control of Savings. It also covers the premises where the personal data are processed, the employees and the contractual parties who have access to the information.

Aim

The aim of Sparnaður ehf. with this information security policy is to:

  • Personal data is correct and accessible to those authorized to access it.
  • Confidentiality and confidentiality of personal data are maintained in accordance with applicable laws and regulations.
  • Personal data is protected against damage, deletion or disclosure, regardless of whether this is due to intent or negligence.
  • Personal information that goes through the Savings system gets to the right recipient, undamaged and on time.
  • That the risks associated with the processing of personal data are within the defined risk limits.
  • To comply with all laws, regulations and regulations relating to the processing of personal data.
  • Comply with all agreements to which the company is a party and which relate to the protection of personal data.
  • Deviations, breaches or suspected vulnerabilities in information security are reported and investigated.
  • Continuous improvement is being made when it comes to information security.

Routes to a goal

Ways of saving towards the above goals are to:

  • Maintain records of information assets containing personal data, whether in electronic form or on paper, and classify them according to the nature and importance of confidentiality.
  • Regularly identify, through a formal risk assessment, the risks that the processing of personal data may entail for individuals.
  • Manage risks related to the processing of personal data within defined limits by operating an information security management system.
  • Carry out a data protection impact assessment if a particular type of processing is likely to pose a high risk to the freedoms and rights of individuals, such as the introduction of new systems that host or otherwise process personal data.
  • Maintain a quality manual with procedures and work processes for the processing of personal data.
  • All employees of Sparna receive regular training and education regarding the security of personal data and their responsibilities. All employees comply with applicable laws and regulations.
  • Ensure that copies of personal data are available and stored securely

Responsibility

  • The Savings Board is responsible for this information security policy and regularly reviews it.
  • The Savings Manager is responsible for the implementation of the policy.
  • The security manager takes care of the daily management of information security.
  • The Data Protection Officer shall ensure that staff receive appropriate education on the security of personal data.
  • All employees of Savings must work according to the information security policy. They shall be informed of security anomalies and vulnerabilities relating to information security. Those who threaten the information security of Intentionally Counsel are subject to legal action or other appropriate legal procedures.

Revue

This policy shall be reviewed annually and more frequently if necessary to ensure that it is consistent with the objectives of the Savings.

Consent

Approved by the board of Sparnaður ehf. 19.12.2019.