Summary of information security policy

Digital Workforce sees Information management as essential part of good IT governance, which in turn is a cornerstone in corporate governance. An integral part of the IT governance is information security, which is the key component of the Digital Workforce’s overall information security management framework and documentation including system level security policies and security guidance.

Digital workforce sees information security as a factor for success that enables us to provide the best IPA services in the market. Digital Workforce has defined information security policy documentations that is available to our customers upon request. Our core principles for information security management leans on ISO/IEC 27002 definitions that are adapted as necessary to the local situation for following areas:

– Risk management
– Organizing information security
– Asset management
– Human resource security
– Communications and operations management
– Physical access control
– System development and maintenance
– Information security incident management
– Business continuity management
– Compliance
– Disaster recovery plan

The foundation for this policy is ISO/IEC 27001 and ISO/IEC 27002 which have been condensed to a manageable and applicable level. Information Security Policy is also compliant with Finnish legal requirements.