Kuusakoski Recycling Information Security Policy

Introduction

This information security policy defines the requirements, responsibilities and controls for the implementation and development of information security and data protection in the Kuusakoski Recycling Group.

The information security policy is complemented by information security guidelines and policies for employees and partners, and data protection guidelines. All Group employees and contracted subcontractors are required to comply with these guidelines.

The security policy is valid until further notice and has been approved by the President and CEO of Kuusakoski Recycling. The information security policy and the information security guidelines are actively updated to reflect changes in the operating environment and legislation.

Information security and data protection

Information security measures aim to protect the confidentiality, integrity and availability of Kuusakoski, customer and partner data, information systems, services, data processing and communication. These measures ensure the continuity of business operations, as well as the reliability and security of the services provided to customers.

The aim is to be an industry leader in information security practices. This supports Kuusakoski's vision to be the partner of choice for customers.

Data protection means the protection of personal data and other sensitive or confidential information relating to a person.

At Kuusakoski, information security and data protection are governed and guided by national and international general legal obligations, industry-specific legal obligations, and customer requirements.

Practices

The management and development of information security is a continuous process, managed according to the Kuusakoski Information Security Management System, which is risk-based and based on the principles of continuous improvement. Employee security awareness is continuously developed through training, information and guidance with up-to-date security guidelines.

Kuusakoski actively researches and utilises new technologies and operating models to secure information.

Responsibilities in the Kuusakoski Recycling Group

Responsibility for the implementation of information security lies with the CEO, supported by the Group Management Team and the CEOs of the Group companies.

The Information Security Team forms the Group's information security situational picture, manages actions, reports to management, and supports the monitoring and development of implementation.

Supervisors are responsible for the implementation of information security and data protection in their own units, in accordance with the valid guidelines. The supervisor is responsible for ensuring that employees are familiar with the valid security guidelines. Each employee is responsible for following the instructions in their own work.

Information security incidents

Information security incidents are managed according to defined incident management processes. Continuous improvement includes learning from deviations.

An information security violation is defined as an activity that is in breach of information security policies or guidance. Kuusakoski has defined procedures for violation situations. Employees are obliged to report any information security threats and deviations they observe to their supervisor.

Updated: 11 April 2024