Information Security

Our work with information security is conducted in a formalized and risk-oriented manner based on the international standard Information Security Management System, ISO/IEC SS 27001:2014.

The IIS Board defines the objectives and direction for information security in an information security policy. This Policy is the overarching document that formulates the goals for and controls the work of the organization’s overall risk management and information security. The policy covers all information assets within the organization without exception, whether processed manually or automatically, and regardless of in what form or setting it occurs. All information are classified with respect to the sensitivity. The overall purpose of IIS information security management system is to ensure a balanced protection for IIS information assets so that the right information is available to the right person at the right time and in an auditable manner.

The company is certified according to the standard SS ISO/IEC 27001:2014. The certified area includes the provisioning of robust and secure internet-based services to both private and public sectors as well as the public in general. The certification ensures that IIS in a systematic and responsible manner is working with information security in all parts of our business.