INFORMATION SECURITY

Our information security management policy is related to the following basic concepts: Confidentiality: The property that information is not made available or disclosed to unauthorized individuals, entities, or processes. Integrity: The property of safeguarding the accuracy and completeness of assets. Availability: The property of being accessible and usable upon demand by an authorized entity.

This policy includes all the units using the information systems infrastructure, reaching the information systems as third parties, and software and hardware service providers providing technical support for information systems. In this context, employees are required to embrace the related documents for Information Security Management System and act accordingly.

Nart Informatics (TechNarts) is committed to safeguard the confidentiality, integrity, and availability of all physical and electronic information assets of the institution to ensure that regulatory, operational, and contractual requirements are fulfilled. The overall goals for information security at TechNarts are the following:

• Ensure compliance with current laws, regulations, and guidelines
• Comply with requirements for confidentiality, integrity, and availability for TechNarts's employees, and other users
• Establish controls for protecting TechNarts's information and information systems against theft abuse and other forms of harm and loss
• Motivate administrators and employees to maintain the responsibility for, ownership of, and knowledge about information security, in order to minimize the risk of security incidents
• Ensure that TechNarts is capable of continuing its services even if major security incidents occur
• Ensure the protection of personal data (privacy)
• Ensure the availability and reliability of the network infrastructure and the services supplied and operated by TechNarts
• Comply with methods from international standards for information security, e.g. ISO/IEC 27001
• Ensure that external service providers comply with TechNarts 's information security needs and requirements

The administration has the overall responsibility for managing TechNarts's values in an effective and satisfactory manner according to current laws, requirements, and contracts. The Chancellor/President has the overall responsibility for information security at TechNarts, including information security regarding personnel and IT security.

• TechNarts's approach to security should be based on risk assessments.
• TechNarts should continuously assess the risk and evaluate the need for protective measures.
• An overall risk assessment of the information systems should be performed annually.
• Risk assessments must identify, quantify and prioritize the risks according to relevant criteria for acceptable risks.
• The system owners are responsible for ensuring that risk assessments within their area of responsibility are implemented in accordance with the policy.
• Risk management is to be carried out according to criteria approved by the management at TechNarts.
• Risk assessments must be approved by the management at TechNarts and/or the system owners.
• If a risk assessment reveals unacceptable risks, measures must be implemented to reduce the risk to an acceptable level.