ISO/IEC 27001:2022

ISO/IEC 27001:2022 is primarily a certification in information and cybersecurity, outlining a set of requirements for risk management, documentation of processes, and the allocation of roles and responsibilities related to information security.

According to the certification, we are:

• Able to manage the risks associated with data handling.
• Able to structure and protect data owned and/or managed by us.
• Risk-conscious and can proactively identify and address any vulnerabilities.

Furthermore, we commit to respecting best practices in accordance with principles and procedures as outlined in the international ISO/IEC standards.

The certificate is valid for three years (until December 2026), and as part of the procedure for being ISO/IEC certified, an auditor visits us annually. This is done partly to ensure that we comply with the standards and partly to guide us in the implementation, maintenance, and continuous improvement of our internal workflows.