The following parties have relevance to our information security and quality management system. We have documented their requirements towards information security and quality management, as well as any requirements we might have from them.
| Party | What they expect from us | What we expect from them | Communication | | --- | --- | --- | --- | | Shareholders | No negative press, e.g. as a result of data breaches.Broad communication on obtained certifications (ISO 27001 and ISO 9001). | Clear and concise requirements with regards to information security and quality management | Once per year, the Chief Information Security Officer (CISO) will distribute (a summary of) this year's Management reviews to the shareholder | | Personnel | Protection of personal data | Knowledge and obedience of all relevant Policies and Procedures. | Mile stones and success stories about our ISMS and QMS will be communicated to the personnel, through our ISMS/QMS meetings, by the Security officer and Quality manager.During the performance evaluation the personnel is asked to give some feedback on the company operation. More urgent feedback or challenges are encouraged to be reported ad hoc to the CSO. During the performance evaluation, the employee also gets feedback on their daily performance. | | Contractors | Clear and concise requirements with regards to information security and quality | Knowledge and obedience of Secure development policy, Information classification policy.Protection of confidential and sensitive data (same level as described in ISO 27001 certification)Delivery of sound and high quality data (same level as described in ISO 9001 certification)Open and transparent communication | Communication with contractors on a case per case basis, contractors will be contacted by email when involved in the Change management process by the Change manager. When assistence is required, our COO contacts the customer service of the contractor.Contractors can reach us via email when required. | | Technology partners | Prove that we can perform their protocols at our facilities in order to keep our certification. | Provide us with the latest updates on technology and protocols | On a regular basis we have communication with the Field Sales manager to discuss our partnership. On these occasions we also discuss ISMS related matters. On a regular basis we have communication with the a Technical Applications Scientist to discuss new technology and protocols/applications. | | Clients | Protection of confidential and sensitive dataISO 27001 certificationDelivery of sound and high quality data (as described in ISO 9001 certification) | Respect our Information classification policy when it comes to the exchange of sensitive data. | See the Customer on-boarding process for communication flows before a project starts, once a project is approved a Project manager is indicated and further communication on the project is done by them. (See Project management procedure on Google Drive (tbd)). After a project the Customer survey is sent to the client. The Head of finances communicates on invoices.Our certification status is communicated to clients through our web sites or other communication platforms (LinkedIn), and the topic will be addressed by account managers and business development. | | End users | Protection of personal data | - | End users are informed about our certification status via our web site or other communication platforms (LinkedIn), by account managers and business development. On the web site they can also find our Privacy policy. | | Government, supervising authorities | To uphold the law and regulations as detailed in Legal and contractual requirements | Timely communication on changes in relevant laws. A process for reporting data breaches. | In case of a data breach, Government will be informed through Incident management process, by the Incident manager and/or Security officer. See Authorities and special interest groups for contact information |
version approved on 21/03/2023