IT Security Policy
Aider Denmark’s IT security policy must always support our values, vision and the strategic goals that underpin our IT strategy. Secure handling of information is a prerequisite for trust, quality and credibility — internally and externally.
Our IT Security Policy
-
-
The IT Security Policy sets out the principles and requirements that apply to the use of information and information systems at Aider Denmark. The purpose is to make it clear that all data is handled in accordance with applicable standards, guidelines and legal requirements.
Aider Denmark follows security levels aligned with the Danish government’s common standard for information security (DS 484). Requirements are tightened where specific legal obligations, contractual terms, or risk assessments indicate a greater need for protection.
A high level of security is essential for Aider to be seen as a credible and professional partner — both in Denmark and internationally. We therefore ensure that all information is handled confidentially, accurately and in a timely manner.
IT systems are — alongside our people — one of the company’s most critical resources. Operational reliability, quality, compliance with legal requirements and user‑friendly solutions are therefore key priorities.
We protect Aider Denmark against security threats — technical, human and natural — and all employees are subject to the security requirements. There are no exceptions.
Security objectives
Aider Denmark works according to the following security principles:
Availability
High operational reliability, high uptime and a minimised risk of data loss and outages.Integrity
Correct system operation and protection against manipulation, data errors and unauthorised changes.Confidentiality
Secure processing, transmission and storage of information.Authenticity
Assurance of the identity of the parties involved.Non‑repudiation
Documented actions and secure communication between parties.These objectives are supported through Service Level Agreements (SLAs), contracts and internal guidelines.
-
The security framework consists of three layers:
- Information Security Policy — approved by executive management.
- Information Security Handbook — detailed guidelines established by the IT Committee.
- Instructions and procedures — specific requirements for operations and behaviour.
-
This policy applies to all information‑related activities at Aider Denmark, whether carried out by employees or external partners.
It includes, for example:
- personnel data
- financial data
- operational and production data
- customer data and information entrusted to Aider by third parties
- all systems, platforms, files, records and internal documents
In short: all information that is created, processed or stored at Aider Denmark is covered.
-
Delegated responsibility for information security rests with the individuals appointed by the partner group. These individuals have the authority to make decisions and ensure that policies and procedures are followed.
-
To prevent major incidents or critical outages, Aider Denmark works with physical security, monitoring and IT contingency measures based on risk assessment and cost efficiency.
Aider Denmark’s contingency plan is developed in collaboration with bluepipe a/s and is integrated into their overall contingency framework. Responsibilities for backups and emergency procedures are clearly defined.
The contingency plans include:
- damage limitation measures
- temporary emergency solutions
- full restoration of normal operations
The plans are updated and tested on an ongoing basis — at least once a year.
-
Breaches of Aider Denmark’s information security rules may result in disciplinary action. Any sanctions are handled in accordance with the company’s applicable HR and personnel policies.
-