2022-12-22

Information Security Policy

1. Introduction

This policy outlines the measures that Tagd AB has put in place to protect the security and confidentiality of contract information stored in our contract management system. It applies to all employees, contractors, and third parties who have access to the system. It is the responsibility of all individuals with access to the contract management system to adhere to this policy and to take appropriate measures to protect the security of contract information.

2. Information Classification

All contract information stored in the contract management system is considered confidential. This includes, but is not limited to, financial terms, proprietary information, and personal data. Contract information should only be accessed by  individuals who have a legitimate business need to do so, and should not be shared with unauthorized individuals.

3. Access Controls

Access to the contract management system is restricted to authorized personnel only. Each employee, contractor, and third party is assigned a unique login and password, and access to specific areas of the system is granted on a need-to-know basis. It is the responsibility of each individual with access to the contract management system to keep their login and password confidential and to only use their own account to access the system. All login attempts are logged and regularly reviewed to ensure that only authorized individuals have access to the system.

4. Data Encryption

All data transmitted to and from the contract management system is encrypted using industry-standard protocols to protect against unauthorized access. In addition, all data stored within the contract management system is encrypted at rest.

5. Physical Security

The contract management system is hosted in a secure data center located in the EU, which is protected by 24/7 security measures and access controls. Only authorized personnel are allowed access to the data, and all access is logged and monitored.

6. Disaster Recovery

In the event of a disaster, we have a robust disaster recovery plan in place to ensure the continuity of our contract management system. This includes regular backups of all data, and the use of redundant servers and infrastructure to ensure that the contract management system remains available in the event of a failure.

7. Incident Response

In the event of a security incident, we have a documented incident response plan in place to address the issue and minimize the impact on our contract management system. This includes the notification of relevant authorities, as well as the implementation of corrective actions to prevent future incidents. If a security incident does occur, all employees, contractors, and third parties with access to the contract management system must cooperate fully with the investigation and follow any instructions provided by the incident response team.

8. Training and Awareness

All employees, contractors, and third parties with access to the contract management system are required to complete regular security awareness training to ensure that they are aware of their responsibilities and the measures in place to protect the security and confidentiality of contract information. This training should cover topics such as password management, data handling, and incident response.

9. Compliance

We are committed to complying with all relevant information security laws and regulations, including the EU’s General Data Protection Regulation (GDPR). This includes maintaining appropriate technical and organizational measures to protect contract information, as well as ensuring that any third parties with access to the contract management system also adhere to relevant security standards.

10. Review and Updates

This policy is regularly reviewed and updated to ensure that it remains effective in protecting the security and confidentiality of contract information stored in our contract management system. Any updates to this policy will be communicated to all employees, contractors, and third parties with access to the contract management system.