ISMS Governing documents

ISMS is a part of the Quality Management system in Conexus

ISMS Policy

Conexus' CEO has the overall responsibility for all information security and privacy at Conexus and approves governing documents.

  • As Controller, Conexus processes personal information to manage the relationship with its employees (personnel management) and the relationship with its customers.

  • A Processor, Conexus processes personal information for its customers on the services Conexus offers (CX School, Insight, Engage, Stafettloggen and others).

“ISMS governing documents” covers information security for both for personal information and non-personal business information.

 

Conexus shall through the ISMS comply with the Norwegian privacy act, including the GDPR regulation (Personopplysningsloven), ISO 27001 and other relevant laws on information security and privacy.

The security goals describe what is desired to be achieved, while the security strategy describes what actions will be taken to achieve the security goals.

Security goals and strategy are applicable to all Conexus employees and temporary staff. In cases where it is difficult to meet goals and strategy, any deviation from this must be agreed with the CISO.

Continuous improvements is secured through risk assessments, deviation handling, periodic internal and external audits and through information and education of employees.

Policy, strategy, security goals and the full ISMS are revised and approved through the yearly management review of ISMS.

Useful documents for Security organisation:

Chapters in the ISMS policy

  • ISMS - Goals and strategies

  • ISMS - Roles and responsibilities

  • ISMS - Periodic activities

  • ISMS - Information classification

  • ISMS - Records of processing activities

  • ISMS - Risk Assessments

  • ISMS - Audit and Self Assessment

  • ISMS - IT Guidelines

  • ISMS - Information Security and Privacy for Employees

  • ISMS - Privacy & GDPR

  • ISMS - Human recourses security

  • ISMS - Training