We operate a decentralized IT organization. However, there are IT guidelines and instructions at group level that steer the work to meet the goals of the organization as a whole. Where possible, we synergize our IT structure to most efficiently manage the large-scale operations of the group. Our group IT policy has a clear reporting structure and methodology for mitigating risk and running an effective IT operation.
The group also has its own information security policy, which is of vital importance to the running of the business. Our policies are reviewed annually, or sooner if any breach of policy or security is discovered. The information security policy also provides a clear matrix of responsibility in respect to managing information security.
Information security is divided into two areas: administrative security and technical security. Administrative security includes organization, steering, roles and responsibilities like regulations and processes. Technical security, also called IT security or cyber security, includes network, servers, workstations, hardware, software, data centres, backups, etc. Byggfakta Group’s IT and information security policies meet all legal requirements, and in many cases are even more stringent. For example, our business unit NBS has achieved ‘Cyber Essentials Plus’ accreditation, a UK Government certification scheme, with standards designed to prevent, and protect businesses from, cyberattacks. All Byggfakta Group business units have a risk mitigation outlook towards IT and information security.
Byggfakta Group’s data security policies can be found here: