Kuusakoski Recycling Information Security Policy

Introduction

This information security policy defines the principles, responsibilities and controls applied to the implementation and development of information security in the Kuusakoski Recycling organization.

Information security policy is complemented with information security instructions, principles, and data privacy instructions. These instructions apply to all company employees and sub-contractors in a contract relationship to Kuusakoski.

This information security policy is valid until further notice, and it is approved by the CEO of Kuusakoski Recycling. This information security policy and other information security guidelines are maintained and updated in accordance with any changes in the operating environment and legislation. 

Information security and data protection

The goal of information security is to safeguard and protect information, data systems, IT services, data processing and data transmission.
Data protection means the protection of personal data and other sensitive or confidential data related to persons.

Information security and data protection are obligated and guided by general obligations set out in the national and international legislation and statutory industry-specific obligations.

Practices

Managing and developing information security is a continuing process. Information security knowledge of Kuusakoski personnel is developed with training and information security instructions. Kuusakoski researches and utilizes actively new technologies and practices to secure information.

Responsibilities in Kuusakoski Recycling concern

The fulfilment of information security is a responsibility of Kuusakoski Recycling CEO with the support from management group and other group company CEO’s.

Information security team supports the execution follow up, development and report about information security regularly.

Supervisors are responsible for information security fulfilment in their own units. Supervisor ensures that personnel has adapted the valid information security instructions. Every employee is accountable for information security in their part and following the given instructions in their work.

Non-conformities

Any action against the information security policy or instruction is counted as an information security breach. Kuusakoski has defined proceedings on infringement situations. Employees are obligated to report any findings related to information security threats and deviations.