Information Security Policy
1 Introduction
The Board of Directors works to ensure that Sciigo has good governance and internal control. The Board is responsible for ensuring that Sciigo follows laws and relevant national and European regulations that regulate business. The Board shall establish internal rules and policies on an annual basis and ensure that these are followed and are regularly monitored and evaluated within the business. The Board is ultimately responsible for ensuring that Sciigo has an appropriate and efficient business, as well as a well-developed system for risk management and compliance.
2 Applicability
This policy covers the Board, management, all employees, consultants, partners, agents, and contractors affected by Sciigo’s business. The policy applies to all parts of the business and also includes activities and areas that are outsourced to other parties.
3 Responsibility
The Board is responsible for establishing this policy. The CEO is responsible for ensuring that the policy is made available to everyone affected by it.
The CEO is responsible for providing information to everyone concerned with the provisions of this policy. This means ensuring that employees, consultants, partners, agents, and contractors who are affected by this policy are familiar with and comply with its content. The CEO or the person appointed by the CEO is responsible for issuing the more detailed rules needed to facilitate the application of this policy.
4 Entry into force and amendments
This policy shall be revised on an ongoing basis and amended as necessary following the decisions of the Board.
The CEO is responsible for assessing and updating the content of this policy on an annual basis and for submitting it to the Board with any proposed amendments. The policy must be adopted by the Board at least every year, even if there are no amendments to be decided on.
5 Background
Information management within Sciigo should never adversely affect the customer or the customer’s trust in Sciigo. This means that all employees should be aware of the degree of sensitivity in the information being handled, that information must be protected against unauthorized access and manipulation, and that information should be available when needed and be correct and complete.
6 Purpose
The information security work within Sciigo is aimed at managing information that is handled within Sciigo with regard to confidentiality, accuracy, accessibility and traceability. This work involves both securing and making available information needed in daily work as well as protecting this information. The information is managed by working with information security in a structured and methodical manner through internal guidelines, procedures and decision processes.
Through this policy, the board of directors establishes goals and direction and overall internal rules for information security management.
7 Management system and information security
The work on information security issues within Sciigo must be conducted with care taken to ensure the following:
- Physical safety
- Protection of data communication and its operation
- Access management
- Traceability in IT systems
- Keeping the production environment for IT systems separate from test and development environments
- Control and access to information
- Security requirements for IT systems for purchasing, development, maintenance and winding-up
- Incident management
- Control of IT systems according to the established information security level
8 Access permissions
The management system should show how Sciigo should assign, change and delete access permissions for IT systems. Sciigo should regularly, though at least annually, verify that existing access rights are limited to needs based on assigned tasks.
9 Risk analysis
Sciigo will annually, and in the event of changes that are important for information security, analyze the risks that are attributable to information security. Based on these analyses and incidents that have occurred, Sciigo must decide on how it should handle identified risks.
The risk analysis and decided measures must be documented.