Policy for information security
Regent takes the protection of your information very seriously.
In today’s society, information is one of the most important assets. In addition to the information that Regent owns, we also handle information owned by our stakeholders such as customers, suppliers and other partners. We ensure that all information, regardless of who owns it, is handled in a controlled and structured manner. We believe that it is a critical success factor for us to achieve our business goals.
By information security we mean the protection of information regardless of its form, how it is transmitted or stored. The term includes physical security, IT security and administrative security.
The information shall be protected against all threats, whether internal, external, intentional or unintentional. We take it for granted that all parts of the security work are included in all the organization’s assignments. This policy applies to all employees, partners, trainees, temps and consultants in our work environment, internally and externally.
Regent is committed to continuous improvement, which also pertains to the information security management system. This ensures that Regent continuously develops and improves processes within information security, and reduces the risk of potential information security incidents.
It is our policy to ensure the information's:
Availability
Ensuring that the information is accessible to authorized actors, stakeholders, and users when they need it.
Integrity
Ensuring that the information and processing methods are protected so that they remain accurate and complete.
Confidentiality
Ensuring that information is available only to those who are authorized.
Requirements within the organization
- All employees and subcontractors shall undergo information security training during onboarding and regularly thereafter.
- All employees and subcontractors are obligated to notice and report identified security incidents and security observations, both internally and externally. Security incidents and security observations shall be reported to the immediate superior, CISO, or through Regent’s whistleblower function.
- Investments in information security shall be based on the needs and requirements of the business, thereby constituting support for achieving the set goals.
- All employees and subcontractors providing services to Regent’s customers are required to adhere to the customer’s processes, policies, and regulations regarding information security.
- The work with information security shall be continuously followed up.
IT Security Policy for Work Equipment and Users
As an employee or subcontractor of Regent, you are obligated to adhere to Regent’s IT Security Policy for work equipment and users.
Goals for Information Security
- Regent shall exceed the expectations of employees, customers, and other stakeholders regarding our information security efforts. This will be achieved by surpassing the set targets on surveys for “delivery and information security” and the results of training programs in information security.
- The number of information security incidents should be minimized as much as practically possible, with the goal of achieving zero incidents. At the same time, Regent should foster a culture where reporting events that are or could potentially lead to information security incidents is encouraged. Therefore, the number of reported observations that could lead to incidents should always exceed at least one per quarter.
- The total and average risk level of all Regent’s information security risks shall continuously decrease.
- All employees and subcontractors shall undergo information security training during onboarding and regularly thereafter.
Information security policy validity period
The information security work shall be based on the standard ISO / IEC 27001 and the Swedish Agency for Civil Protection and Emergency Planning (MSB) methodological support.
The Information Security Policy was established by Regent’s owners and management on January 30, 2020. The latest revision and approval of the Information Security Policy and Information Security Work were carried out on March 13, 2024, and are valid until March 13, 2027.