Data integrity policy
Odournet Group provides guidelines for employees’ use of IT and data in order to protect all data connected to our customers and clients that we work with. It is also to protect employees’ personal integrity, so that each individual can then act based on the conditions that apply, and in the longer term also protect Odournet Group´s IT infrastructure against infringement or data leaks, thus helping to safeguard our clients, partners and brand.
The following rules apply as regards employees’ use of IT, based on Odournet Group divisions and the commercial requirements imposed by our board, customers, and other stakeholders.
In addition, secure handling of all types of information is highly significant for Odournet and its underlying business areas and comprises a key element of the company’s overall security management. It should not be possible to corrupt or lose data, and data must always be protected against unauthorized access.
Odournet has therefore defined these points as particularly important target areas to comply with in order to achieve effective data security, and the company requires good compliance in this area of each individual user when using Odournet ´s IT equipment and system support. Odournet´s goal is to have an IT environment with few incidents and high data security, which also means that Odournet must comply with the laws and regulations that are relevant to Odournet ´s type of business.
- Management of access rights and passwords
- Professional and private use of email and internet
- Use of mobile devices
- Software licensing
- Confidentiality and treatment of sensitive information and personal data
- Data quality
Ensuring good quality and compliance at all levels means that at Odournet we must always remember that:
- We are obliged to keep passwords secret and not store them in plain text at our desk or in any other visible or easily accessible form.
- Odournet’s email and internet connection may be used for private purposes provided such use does not cause inconvenience to the employer.
- All equipment must be supervised and when not in use should be kept locked away or taken home at the end of the working day and protected by a password login.
- Only software approved by Odournet IT department may be installed on computers and other IT-related equipment.
- Information may not be made available or disclosed to individuals outside the organization without prior approval from the relevant responsible manager/line manager.
- Odournet only uses hardware such as computers, photocopiers, printers, and mobile phones that has been acquired using Odournet’s guidelines.
- Information may not be forwarded to private devices (mobile phones, tablets, etc.) or private email.
- Information containing personal details may not be forwarded to a third party without a data assistant agreement according to applicable legislation.
- Information of a sensitive nature may not be forwarded to a third party without a confidentiality agreement in place, for example when working with an external party or supplier.
Furthermore, Odournet’s employees must always treat sensitive data, potential trade secrets and Odournet’s property in documents and applications with the greatest caution, and only use it to the extent required for the task in question or the employee’s role. The same applies for overall IT security such as remote access from home or from another workplace outside the office, or operations via Odournet’s VPN connection, remote access applications etc.
It is incumbent upon every employee and their line manager to always ensure that the IT department is correctly informed of rights/access and that employees are assigned the requisite access level based on their role in Odournet organization. This includes having the correct level of access to documents and support systems, as well as knowledge of where the employee should store material for automatic backup to apply.
Access rights and passwords
In order to maintain effective IT security, it is vital that each individual employee follows guidelines relating to management of access rights.
- Employees are obliged to keep passwords secret and not store them in plain text at their desk.
- Employees must not allow any other person or department to borrow their password.
- Employees must change their passwords when necessary or in response to a request from the IT department or system owner.
- For troubleshooting on computers and software relating to a specific user, personal passwords may only be disclosed to the IT department.
Firewall traffic and internet access might be logged, where internet use is an area where security is impacted to a considerable degree by user behavior. The general rule is that when files are downloaded from the internet, users are required to exercise sound judgement and only access such material or information that is relevant to their work and that comes from reliable websites. Employees are not permitted to use the internet to view/listen to material with pornographic, racist, or Nazi content. The ban also extends to material that is discriminatory or connected with criminal activity. Private browsing should be kept to a minimum and good judgement should be used. This also applies to employees who have their own private computer or mobile with them during working hours.
On suspicion of a breach of this policy
Every manager is responsible for reporting suspected breaches of this policy to Odournet’s IT. A deliberate breach of a serious nature may lead to damages claim and dismissal. If the offence is extremely serious, it may be reported to the police and result in prosecution.
As a company, Odournet must always ensure that its employees are aware of, and have received training in relevant legislation, and that based on their work duties they have a firm understanding of the laws and regulations they are expected to comply with on a daily basis.
All Odournet employees are responsible of maintaining a high level of accuracy and consistency of the company data, projects, client information etc. All data needs to be backed up in line with the company guidelines and processed only with approved company tools/programs/databases.
Individual responsible for Odournet’s IT Policy
The person responsible for the IT Policy is Odournet’s IT Manager, in consultation with Odournet’s Group management.