Our work with information security is conducted in a formalized and risk-oriented manner based on the international standard Information Security Management System, ISO/IEC SS 27001.
The Board of The Swedish Internet Foundation defines the objectives and direction for information security in an information security policy. This policy is the overarching document that formulates the goals for and controls the work of the organization’s overall risk management and information security. The policy covers all information assets within the organization without exception, whether processed manually or automatically, and regardless of in what form or setting it occurs.
All information are classified with respect to the sensitivity. The overall purpose of The Swedish Internet Foundation information security management system is to ensure a balanced protection for The Swedish Internet Foundation information assets so that the right information is available to the right person at the right time and in an auditable manner.
Certified information security management system
The Swedish Internet Foundation is certified according to the standard SS ISO/IEC 27001. The certified area includes the provisioning of robust and secure internet-based services to both private and public sectors as well as the public in general. The certification ensures that The Swedish Internet Foundation’s in a systematic and responsible manner is working with information security in all parts of our business.