We are fully committed to adhering to the guidelines listed below, in line with our ISMS policies and procedures.

• • Implement and maintain the Information Security Program at Daxap AS.
  • Continuously improve and align information security practices to global best practices and standards.
  • Information security policies shall be reviewed regularly. Daxap AS employees shall acknowledge their adherence to these information security policies and practices annually.
  • Security awareness training shall be provided regularly.
  • Internal assessments or audits of Daxap AS's Information Security Program shall be performed periodically, and any gaps or findings shall be remediated promptly.
  • A risk assessment process for Daxap AS's information assets shall be defined and followed. Risk reduction shall be carried out through the process of continuous improvement.
  • Daxap AS's information asset inventories shall be reviewed and updated when a new asset is added and/or an existing asset is upgraded.
  • Business continuity plans (BCPs) and backup plans shall be reviewed and tested at least annually.
  • Roles and responsibilities shall be clearly defined and communicated to relevant individuals.
  • Information should be classified and handled according to its criticality and sensitivity as mandated by relevant legislative, regulatory and contractual requirements.
  • Appropriate contacts shall be maintained with relevant authorities, special interest groups or other specialist security forums.
  • As needed, the security incidents would be reported outside of Daxap AS by a designated person nominated by executive management.
  • Requirements for confidentiality or non-disclosure agreements reflecting the organisation's needs for the protection of information shall be identified, regularly reviewed and documented.
  • Prevention, detection, and recovery controls to protect against malware shall be implemented by Daxap AS, and these shall be combined with appropriate user awareness.
  • An incident management process shall be established to correctly identify, contain, investigate, and remedy incidents that threaten the security or confidentiality of Daxap AS's information assets.
  • Daxap AS shall develop and maintain a vendor management process for third-party vendor engagement and assessment.
  • Change and vulnerability management controls shall be established and implemented.