Policy for information security

Policy for information security

Regent takes the protection of your information very seriously.

In today’s society, information is one of the most important assets. In addition to the information that Regent owns, we also handle information owned by our stakeholders such as customers, suppliers and other partners. We ensure that all information, regardless of who owns it, is handled in a controlled and structured manner. We believe that it is a critical success factor for us to achieve our business goals.

By information security we mean the protection of information regardless of its form, how it is transmitted or stored. The term includes physical security, IT security and administrative security.

The information shall be protected against all threats, whether internal, external, intentional or unintentional. We take it for granted that all parts of the security work are included in all the organization’s assignments. This policy applies to all employees, partners, trainees, temps and consultants in our work environment, internally and externally.

Regent is committed to continuous improvement, which also pertains to the information security management system. This ensures that Regent continuously develops and improves processes within information security, and reduces the risk of potential information security incidents.

It is our policy to ensure the information:

Availability

Ensuring that the information is available to authorized users when they need it.

Integrity

Ensuring that the information and processing methods are protected so that they remain accurate and complete.

Confidentiality

Ensuring that information is available only to those who are authorized.

Requirements within the organization

  • All employees and subcontractors must undergo information security training.
  • All employees and subcontractors are obligated to notice and report identified security incidents and security observations, both internally and externally. Security incidents and security observations shall be reported to the immediate superior, CISO, or through Regent’s whistleblower function..
  • Investments in information security shall be based on the needs and requirements of the business, thereby constituting support for achieving the set goals.
  • The work with information security shall be continuously followed up.

IT Security Policy for Work Equipment and Users

As an employee or subcontractor of Regent, you are obligated to adhere to Regent’s IT Security Policy for work equipment and users.

Goals for Information Security

  • Regent shall exceed the expectations of employees and external parties regarding our policy’s definition of availability, integrity, and confidentiality concerning the information we manage.
  • The number of information security incidents shall be limited as far as is practically possible, aiming for a vision of zero information security incidents occurring.
  • The total and average risk level of all Regent’s information security risks shall continuously decrease.
  • All employees and subcontractors shall undergo regular information security training.

Information security policy validity period

The information security work shall be based on the standard ISO / IEC 27001 and the Swedish Agency for Civil Protection and Emergency Planning (MSB) methodological support.

The Information Security Policy was established by Regent’s owners and management on January 30, 2020. The latest revision and approval of the Information Security Policy and Information Security Work were carried out on March 13, 2024, and are valid until March 13, 2027.