Information security policy

The purpose of this Information Security Policy is to establish and maintain an effective information security management system (ISMS) at Vertiseit AB and all subsidiaries. This policy outlines the commitment, responsibilities, and guidelines to safeguard the confidentiality, integrity, and availability of information assets.

This policy is applicable to all employees, contractors, third-party vendors, and any individuals who have access to the information assets of Vertiseit AB and all its subsidiaries, including the business brands Grassfish and Dise. For the purposes of this document, these entities and their subsidiaries will hereinafter be collectively referred to as ‘the organisation’.

The organisation is committed to maintaining compliance with ISO 27001 and SOC 2. The organisation will undergo regular assessments and audits to ensure the ISMS meets these requirements.

The organisation will conduct regular risk assessments to identify, assess, and manage information security risks. Risk mitigation measures will be implemented to minimize potential threats.

The ISMS will be continuously reviewed and improved to adapt to changes in technology, business processes, and security threats.

All information assets will be classified based on sensitivity, and appropriate security controls will be implemented to protect each classification level.

Employees must follow established procedures for the secure handling, storage, and transmission of information assets.

Employees must ensure their desks are clear of all confidential documents and removable storage media when not in use or upon leaving their desks. Screens must be locked when stepping away to prevent unauthorised viewing of information.

Access to information systems and data will be granted based on the principle of least privilege. Access requests, modifications, and terminations will be documented and regularly reviewed.

Strong authentication mechanisms will be implemented, and authorization processes will ensure that users have access only to the resources necessary for their roles.

As part of our commitment to streamline access and enhance security, the organisation aims to implement Single Sign-On (SSO) and Multi-Factor Authentication (MFA) across all products used within the organisation.

Physical security measures will be implemented to protect information assets, including controlled access to facilities, surveillance, and protection against environmental threats.

Users are encouraged to report any observed or suspected security breaches, misuse of IT assets, or violations of this policy to their supervisor, the IT department, or through the organisation’s designated reporting channels.

The organisation will maintain an incident response plan outlining procedures for detecting, responding to, and recovering from security incidents.

The organisation will comply with all applicable laws and regulations related to information security in the countries where we operate.

Regular monitoring and audits of the ISMS will be conducted to ensure compliance with ISO 27001 and SOC 2.

All employees will receive regular training on information security policies and practices to foster a security-aware culture.

Employees are responsible for understanding and complying with this Information Security Policy and related procedures.

This Information Security Policy will be reviewed annually and updated as needed. Approval for changes will be obtained from the Information Security Officer.

For questions or concerns related to information security, employees can contact the Information Security Officer.

Information Security Officer: Emil Brandt emil.brandt@vertiseit.com 073-35 70 104