The risk management process includes identifying, assessing, and controlling risks that may stem from various sources. To reduce risk, we have applied the necessary measures to minimize, monitor, and control the impact of adverse events, meantime maximizing positive events.
Within our risk management, we follow five main principles:
- Clear vision of direction for all business areas and roles to follow.
- Prevention of harmful impact throughout security by design (proactive risk management).
- Protection of business operability, assets, and reputation.
- Effective and cost efficient risk management.
- Attainment of excellence in information security practices with a sense of proportion.
Our security measures include various operational, infrastructure, and physical security measures, the BCM concept, a security awareness program for employees, and regular internal and external audits.