IT Security policy
Systems implemented and operated by Systor handle personal data as well as business sensitive information. In Norway (as in other countries) the management of information security is basically regulated by the Personal Data Act ('Personopplysningsloven'). Systor's IT Security Policy is based on the requirements set forth by the Personal Data Act (and also the related ISO 27001 standard) and encompasses all operations of the company where IT is used, be it for internal purposes or as a part of a service provision to customers. Our procedures for internal control assures that the IT Security Policy is in line with current laws and regulations and that information security is managed and requirements fulfilled according to the policy.
Project management with respect to information security will also involve audit by an external auditor as for example the CS Norway project (audit with respect to the Personal Data Act).