Information Security Policy
Through the use of technical and organisational measures, Hantverksdata ensures that the appropriate security measures are continuously taken to protect personal data. We adhere to generally accepted standards and frameworks for the protection of personal data. This means that personal data is, for example, protected against unauthorised access, alteration or destruction.
- Physical access to data and systems: Hantverksdata engages subcontractors for its server environment and the Supplier guarantees that it takes the necessary measures to ensure that unauthorised persons cannot access premises and systems where personal data is processed.
- System security Hantverksdata performs all necessary updates to underlying systems continuously and as required and uses applications that process personal data in accordance with supplier recommendations and the following generally accepted practices for this type of system.
- Application security System users have access to personal data only through individual logins using encrypted communication.
- Data availability
1. Access to personal data is assigned to authorised personnel to the extent that measures are necessary to maintain the purchased service and to perform measures ordered by the data controller.
2. Authorised personnel connect to the system through methods that ensure an adequate level of data security and traceability.
3. Authorised personnel are continuously reviewed.
4. Use of subcontractors:
5. Subcontractors are used only after checking suitability with regard to security awareness.
6. Subcontractors are engaged only under contracts that ensure an adequate level of data protection.