Financial services company Storebrand has chosen Secure Practice to help employees with safe handling of suspicious emails. Bjørn Richard Watne (CISO) says the solution greatly helps both preventive and operative security.
Gamification engages, but it is the employees' contributions to information security we value the most in Secure Practice, says security manager and data protection officer Ole Martin Refvik from Admincontrol.
Chief information security officer (CISO) Vigleik Hustadnes at energy and communications company Tussa says that employee awareness is an important focus area for their security work, and that Secure Practice is a good fit here.
As a trusted partner in securing your business, we naturally make security a high priority for ourselves. Our security strategy is based on demonstrable implementation of well-known standards, including:
ISO 27001 Information Security Management System (ISMS) for organizational and technical controls in line with best practice
OWASP Application Security Verification Standard (ASVS) for structured security requirements in software development
Cloud Security Alliance (CSA) Continuous Self-Assessment for risk management throughout the entire cloud supply chain
Privacy by design
European privacy legislation (GDPR) implements strong requirements for personal data processing. Our privacy strategy takes into account your role as a controller, ours as processor, and end-user rights.
Principles for data protection are adopted throughout our entire product development lifecycle, including data minimization.
Data Processing Agreement terms govern the legal scope and requirements for processing, and responsibilities of each party.
Transparent risk analysis baseline for customers who deploy our services includes privacy impact assessments for personal data.
Would you like access to our CSA self-assessment, OWASP ASVS requirements table, ISMS policies, or a risk assessment baseline for our services?