Dubex is ISO 27001 certified in information security in connection with the development, delivery and servicing of solutions and services in IT security. It is Dubex’s goal to maintain a level of information security that leads to certification according to the ISO/IEC 27001:2013 standard, as well as the preparation of an ISAE3000 statement.
The first IT security provider in Denmark with ISO 27001 certification
In 2011, Dubex became the very first IT security provider in Denmark to be ISO 27001 certified in IT security and thus the first security provider to be able to document its own IT security. In connection with the re-certification in 2014, Dubex was the first Danish company to undergo the ISO 27001:2013 certification process.
Information security in practice
Dubex’s management system for information security, the ISMS system, creates the frameworks for how we secure internal and external information through operational and established procedures and instructions for placement of responsibility, guidelines, risk assessment and contingency plans.
Dubex’s ISMS system is based on:
- Compliance with the international standard ISO/IEC 27001 and the selected management objectives and measures from the ISO/IEC 27002 standard.
- All relevant rules, legal requirements, guidelines and contracts within Dubex’s business area, personal data legislation, the Sale of Goods Act, government requirements and labour market agreements.
- Common methods and procedures for information security.
- Read our ISMS and information security policy here (in Danish)
Scope
Information security in connection with the development, delivery and servicing of solutions and services within IT security in accordance with the Statement of Applicability, dated May 18th 2022.
Our goal is to ensure:
- Availability
Dubex’s business systems are usually available 24/7. We maintain a level of preparedness that ensures that normal operation of critical business systems can be re-established as agreed in the relevant SLAs.
- Integrity
Reliable and correct operation of the information systems is achieved with minimised risk of incorrect data basis, e.g. as a result of human and system errors or external events.
- Confidentiality
Dubex’s data and the customers’ data in Dubex’s custody are kept confidential by using classification, encryption and access control, and are only available to the individuals in the way the classification prescribes.
Dubex is ISO 27001 certified – the entire company and all our services
Dubex has been ISO 27001 certified for 11 years in information security in connection with the development, delivery and servicing of solutions and services in IT security. We are thus a security provider able to prove control of IT security, both internally and in relation to our external services.
The level of security is determined in relation to individual cases, completion of work and financial resources. In addition to a high level of security, an appropriate and user-friendly use of IT is desired, where our security consultants have other needs in their daily work than the more administrative or sales-oriented employees.
Dubex ensures that employees are informed about the ISMS system, its policies, procedures and instructions, as well as the employees’ responsibility in regard to the company’s information and systems.
Placement of responsibility at Dubex
The responsibility for the day-to-day management of Dubex’s information security lies with Security Manager, Jacob Herbst.
If an employee detects or suspects threats or breaches of information security, he or she must immediately notify the security officer. Employees who violate Dubex’s information security policies, procedures and instructions will be met with provisions described in Dubex’s procedures and personnel policy.
Follow-up
Dubex measures, assesses and monitors the information security area as follows:
- Ongoing unique registration and follow-up on security incidents.
- Ongoing registration of initiatives.
- Follow-up on the knowledge level in Dubex.
- Risk assessments are carried out in the event of major changes and at least once a year.
- Conducting of independent third-party audits and evaluations.
- Management reviews and re-evaluates the ISMS and information security policy based on the above at least once a year.
Based on this, the management reviews and re-evaluates the ISMS and information security policy once a year, as well as in the event of major changes.
Approval
This policy was last approved by Dubex’s Board of Directors in May 2022 and reviewed by Dubex’s management on May 18th 2022.