Information Security Program

We’re fully committed to adhering to the guidelines listed below, in line with our ISMS policies and procedures.

    • Implement and maintain the Information Security Program at Daxap AS.
    • Continuously improve and align information security practices to global best practices and standards.
    • Information security policies shall be reviewed regularly. Daxap AS employees shall acknowledge their adherence to these information security policies and practices annually.
    • Security awareness training shall be provided regularly.
    • Internal assessments or audits of Daxap AS’s Information Security Program shall be performed periodically, and any gaps or findings shall be remediated promptly.
    • A risk assessment process for Daxap AS’s information assets shall be defined and followed. Risk reduction shall be carried out through the process of continuous improvement.
    • Daxap AS’s information asset inventories shall be reviewed and updated when a new asset is added and/or an existing asset is upgraded.
    • Business continuity plans (BCPs) and backup plans shall be reviewed and tested at least annually.
    • Roles and responsibilities shall be clearly defined and communicated to relevant individuals.
    • Information should be classified and handled according to its criticality and sensitivity as mandated by relevant legislative, regulatory and contractual requirements.
    • Appropriate contacts shall be maintained with relevant authorities, special interest groups or other specialist security forums.
    • As needed, the security incidents would be reported outside of Daxap AS by a designated person nominated by executive management.
    • Requirements for confidentiality or non-disclosure agreements reflecting the organization’s needs for the protection of information shall be identified, regularly reviewed and documented.
    • Prevention, detection, and recovery controls to protect against malware shall be implemented by Daxap AS, and these will be combined with appropriate user awareness.
    • An incident management process shall be established to correctly identify, contain, investigate, and remediate incidents that threaten the security or confidentiality of Daxap AS’s information assets.
    • Daxap AS shall develop and maintain a vendor management process for third-party vendor engagement and assessment.
    • Change and vulnerability management controls shall be established and implemented.