As a vendor within IT and information security, having the ISO/IEC 27001 certification in place is mandatory. This proves that we as a company have well established routines and procedures in place for handling information.
Handling both our own and our customers' information is an important part of our internal security policy. The security policy includes procedures for specific business processes and deliverables. mnemonic's security policy focuses on two main objectives:
- Confidentiality in any circumstances that affect our customers
- Stability and availability in our operating and monitoring systems
To safeguard both internal and external security requirements, mnemonic has established an internal Information Security Management System (ISMS). The ISMS is annually audited by DNV according to ISO 27001. ISMS and the Safety Manual were updated to a newer version of the standard in 2013. mnemonic was the first company in Norway to be certified according to the new requirements.
Our Information Security Management System (ISMS) is fully intergrated with our Quality Management System. This ensures that there is no overlap or conflict of interest.