Better data security through a variety of means
Hansel’s data security policy determines and expresses from the perspective of the management key business-critical data security principles and requirements. Hansel is committed to upholding the basic data security level specified for central government. The data security obligations apply to all of Hansel’s employees. Hansel’s data security manager is responsible for providing data security related training and instructions, as well as for handling in-house communications.
In tendering processes, a data security level warranted for each acquisition is specified as an absolute requirement for the supplier. The requirements are mainly based on the Ministry of Finance’s VAHTI instructions or the national KATAKRI safety auditing criteria, supplemented with acquisition-specific special requirements. Naturally, Hansel’s customers may contribute to the data security level of the services provided.
Several operating models to improve data security were introduced for the personnel in 2018. The “clean table” principle is used at the recently renovated new multi-function office, meaning that all computers and paper documents must be securely placed in each employee’s personal locked cubbyhole at the end of the day to prevent any unauthorised persons from seeing them on the table.
We have taken a big leap forwards in terms of security to prevent phishing and data leaks. All of our employees now use a two-step verification process when logging into Hansel’s systems. This is to prevent data security non-conformances caused by human errors, for example.
No data leaks were reported in 2018.