Information security policy

Commitment

The purpose of OpusCapita’s Information Security is to secure the confidentiality, availability, integrity, and accountability of information and other information assets.

OpusCapita is committed to corporate security management and development as well as having an objective to ensure undisturbed business operations in all circumstances. The security activities in OpusCapita are governed by OpusCapita’s commitment to protecting its employees, information, processes, and assets as well as the corporate reputation. OpusCapita has a special focus on protecting the information in various formats that its customers have trusted to be handled by OpusCapita.

The requirements, targets, and values formulate a security baseline, i.e., the minimum security level to be met in all OpusCapita sites and services. It is implemented as part of the OpusCapita management system, called OpusCapita Processes. Delivered by or to OpusCapita.

Any deviation from the security baseline must be:

  1. Based on a thorough risk analysis and justified,
  2. Approved by the Head of a business unit / Head of function and the Information Security Manager
  3. Well documented
  4. Temporary.

The defined security baseline is under constant improvement and review to suit the changing business environment and to follow technology development trends and legal requirements.

This Information Security Policy and Information Security Management System applies to all employees, externals,  contractors, part-time workers, service providers, and those employed by others to perform work on OpusCapita premises, remotely, or who have been granted access to OpusCapita’s or its customers’ information, assets or information systems.

Framework

The OpusCapita Processes is built based on recognized best practice principles as defined in ISO 27001 and other relevant industry frameworks.

The top directive is this Information Security Policy followed with associated processes, guidelines, and other supportive material.

Responsibilities

The CEO is accountable for the Corporate Security Management in OpusCapita. The Head of each OpusCapita unit is responsible for organizing Information Security within their respective units and identification and management of Information Security risks as part of their business processes, guided by the Information Security Manager.

The Information Security Manager is responsible for leading and developing information security across OpusCapita and supporting the organization in security management.

All people working for OpusCapita are responsible for following this security policy and its related documents, processes, and requirements and reporting any security breaches, defects, risks, or violations of policies, guidelines, information, or assets to their supervisor, local guidelines, senior manager and informing Information Security Manager according to instructions.

Violations of this policy, related processes, and guidelines may result in disciplinary actions. Necessary and appropriate measures are assessed on a case-by-case basis by the line management, the Human Resources function, and the Information Security Manager.

Implementation

The implementation of the policy, principles and security baseline, and information on their practical implementation is provided in the internal Information Security process, guidelines, and other supportive material.