The risks involved in cyber security and data breaches of any kind have exploded in the past years. Organizations increasingly must show they can be trusted for information security and privacy management. The ISO 27001 certification demonstrates that an organization has identified risks and put in place preventative measures to protect the organization from information security breaches.
In 2020 Post Nord Strålfors achieved an ISO 27001 certification for targeted areas with extra high security demands – both for Ljungby site in Sweden and for all Input Management area in Denmark.
ISO / IEC 27001 certification is the reference for all IT security. The standard ensures process management, risk management and overview, which are important parameters in IT security for our customers.
Security culture within PostNord Strålfors
Åke Andersson, Information Security Manager Nordic IT at PostNord Strålfors– PostNord Strålfors IT Security is based on secure systems and processes, but also on education, training and awareness of all employees, says Åke Andersson, Information Security Manager Nordic IT at PostNord Strålfors.
PostNord Strålfors uses the security controls from the ISO 27001 standard as a baseline to provide secure services for our customers. It is an integral part of the organization’s process and overall management structure with the aim to systematically approach and manage information security risks.
The management system covers, amongst other things, changes to the information environment, information handling, supplier management and the HR process to ensure that Information Confidentiality, Integrity and Availability (CIA) is maintained in a suitable manner.
PostNord Strålfors has established, implemented, and will maintain and continuously improve the ISMS, in accordance with the requirements of ISO/IEC 27001:2013.
With PostNord Strålfors as a supplier and partner, you are therefore guaranteed a high level of Information- and IT security. With secured solutions and platforms, we can protect our customers' data and processes.
Get an overview of PostNord Strålfors certificates.
PostNord Strålfors Information Security Management System, ISMS
The PostNord Strålfors ISMS follow an iterative cycle of phases to plan, implement, monitor and improve our Information- and IT Security .
The work on information security within the framework of the ISMS is operated regarding to risks.
Decisions and trade-offs in the context of the ISMS are based on risk analysis.
Information security within the framework of this ISMS is based on operational risks, security risks and regulatory requirements.
Risk management identify risks associated with privacy, traceability, loss of confidentiality, integrity and availability of information within the scope of the ISMS.
Information security at PostNord Strålfors covers the following areas:
- Secure development - a prerequisite for building secure services, architectures, applications and systems.
- Supporting processes - PostNord Strålfors work according to the ITIL (Information Technology Infrastructure Library) framework and all our IT processes are based on this framework.
- Human Resources security – via a HR-Onboarding and HR-Offboarding process and on-going mandatory security, information security and GDPR training.
- Access management - Access to information assets, IT facilities (IT equipment, applications, procedures, rooms) and networked services (Resources) is restricted to registered users or application.
- Cryptography security - Cryptographic algorithms and protocols are implemented in PostNord Strålfors solution.
- Physical security – To prevent unauthorized access to facilities, equipment and resources, and to protect personnel and property from physical circumstances and events that could cause serious losses or damage.
- Operational security – Operating procedures in place.
- Penetration and vulnerability scanning - An external penetration test is being performed on a yearly basis by an external company and an external and an internal vulnerability scanning is being performed on a monthly basis.
- Risk management - Risk Management procedure allow risk to be escalated from operation to top management.
- General Data Protection Regulation, GDPR - To be able to follow and be compliant with the regulation PostNord Strålfors has put in place a DPO.
- Communication security - PostNord Strålfors ensure that information and services on PostNord Strålfors’s networks are protected from unauthorized access.
- Business Continuity Plan (BCP) - The BCP, including a Disaster Recovery Plan (DRP) addresses continuity of business-critical processes, components, resources and outlines how any disruptive event shall be managed.