Organisational and Technical measures

Organisational and technical measures for data protection

Iconsof AB (Iconsof) handles large amounts of data for itself and on behalf of others. This applies, among other things, to some personal data.

This summary outlines how Iconsof acts to fulfill its obligations and to minimize the risks associated with the processing of data. It also refers to the current minimum security levels. However, Iconsof is committed to continuously improving its data security, whereby it will adapt measures to safeguard from new outside threats and utilize newly available data protection tools.

Organisation

Iconsof´s data security activities are based on current legislation and the company’s governing documents which are determined by the Company’s CEO or Board of Directors. The data security within the business, includes the following:

  • Responsibility for policies and procedures relating to data security and its compliancy

  • Conducting risk analysis and management in relation to data security

  • Coordinating activities to ensure data security compliancy

  • The overall requirements of various security controls

  • Spreading knowledge about data security throughout the organisation

Iconsof maintains guidelines on how all employees should act to minimise data security threats. These guidelines are well circulated, understood and implemented by all concerned.

General information on technical security measures

The basic principle of technical security measures at Iconsof is that the level of confidentiality determines the requirements of the security controls (e.g., type of authentication, cryptographic protection, etc.). The levels of confidentiality are:

  • Open – data accessible by all, inside and outside the company

  • Internal – data accessible by employees only

  • Confidential – Sensitive data (such as personal data) accessible by a limited number of employees only

Continuity planning

In the event of a serious incident, such as an office or data centre fire, Iconsof has a data processing crisis and contingency plan in place, to minimize disruption to operations and commitments to customers.

Access / Authorization

Data is protected from all forms of unauthorized processing, such as unauthorized access, unauthorized distribution and unintentional or intentional destruction.

Each individual’s access is limited to only the data and permissions needed to carry out the task and defined and set by the customer

Backup and recovery

Iconsof use services to make regular backups of data, i.e., daily.

Compliance with other GDPR requirements

Iconsof will, upon request, assist the Data Controller to amend/update personal data for which they are responsible.

If you have any questions, please contact us at support@thecards.eu.