IT security policy (version 2.4)

Our IT security policy for the Easymeet meeting system sets out the overall direction and goals as well as the overall responsibility and organization for the work with IT security.

Scope

Development and operation of IT systems and solutions meetings.

Background

Given that our customers demand that our systems have 100% functionality and that the information that customers publish via our systems is not corrupted or falls into the wrong hands, information security is a very central part of our business concept.

Our internal work must comply with legislation, preferably GDPR, but also live up to our own high ambitions.

Overall orientation

Active work on IT security and risk analysis will be carried out so that we can deliver our services to customers efficiently and with high quality. We must be and be perceived as a competent and reliable partner.

To continuously review and improve the IT security management system.

The work on IT security shall focus on ensuring:

– high availability of information and services

– the accuracy of information through protection against accidental and deliberate distortion

– access control based on the classification of the sensitivity of the information

– confidentiality and the possibility of protected communication.

Objectives of security work

Strategic and operational safety objectives are revised annually in September. For the period 2022-2024, the following objectives are prioritized:

1. Preventing unauthorized access

2. Preventing data leakage

3. Minimize third-party data storage

4. Continuously improve IT security knowledge for all staff.

Overall responsibility and organization

The CEO of Easy Digital Meeting Services AB has overall responsibility for IT security.

All information has an information owner. This means that internally at Easymeet, the responsibility for information is linked to the respective project owner. The responsible project owner must ensure that the information is correct, but is also responsible for the way in which it is disseminated, i.e. the responsibility for assigning authorization in each project falls on the project owner.

Externally in our assignments, each client must appoint a person responsible for all information entered and used in our provided systems, preferably the Easymeet meeting system. This relationship is regulated in the contract signed for each project.

Each member of staff is then responsible for ensuring that current IT security policies and rules are applied in their day-to-day work and when working with customers. To help with the external safety work in customer assignments, there is a compilation, Guidelines for project managers, with points, steps and activities to follow and implement.

New employees

To introduce and train new employees in Easymeet’s IT security work, an annual training and update of the work’s focus and objectives is carried out. New employees also have a compilation, Guidelines for New Employees, to support them in their daily work.