Securing and safeguarding information, technologies and personnel
The backbone of our business is to keep essential and critical information and technologies safe from unauthorised hands. Information Security (INFOSEC) is the backbone of every operation and is key to building trust with our customers, partners, owners and other stakeholders.
Several instructions are developed to ensure compliance with internal and external requirements for security and privacy. At KDA, information security embraces both civil and military activities.
The purpose of the KDA security instructions is to:
- Prevent information becoming compromised through espionage, carelessness or lack of knowledge of the prevailing security rules
- Prevent the loss, theft or misuse of KDA's assets
- Secure KDA buildings, systems and equipment against unauthorised entry and vandalism
- Prevent acts of sabotage or other wilful damage against KDA that could halt or delay the completion of assignments and/or cause a risk to employees
- Comply with governmental requirements for privacy
- Ensure compliance with the requirements for quality and security levels for products, services and information
- Ensure that we operate in compliance with current legislation
- Act as a user manual for KDA's information systems
The KDA security instructions include Information Security, Personnel Security, Physical Security and Cyber Security. Security measures are designed, implemented and operated based on a risk-based approach to:
- Protect people and assets against intentional harm
- Prevent espionage, sabotage and theft
- Prevent unauthorised access to facilities, equipment, material, documents, information, computer systems and other resources
- Comply with requirements found in applicable laws, regulations, contractual obligations, industrial standards and best practices
- Include security training and awareness programmes
- Detect, respond to, and investigate security incidents
The need-to-know principle applies to information security. Networking and reuse are encouraged in the organisation, insofar as they do not conflict with the need-to-know principle.
KDA's administrative rules are governed by requirements for classification and security clearance and by KDA's need for protection as stated in contracts.
The KDA security instructions satisfy the requirements of the Norwegian laws:
- Sikkerhetsloven (Security Act): Lov om forebyggende sikkerhetstjeneste (sikkerhetsloven), LOV-1998-03-20-10 (last modified: LOV-2008-04-11-9)
- Personopplysningsloven (Personal Data Act): Lov om behandling av personopplysninger (personopplysningsloven), LOV-2000-04-14-31 (last modified: LOV-2013-01-11-3)
- Børsloven (Stock Exchange Act): Lov om regulerte markeder, LOV-2007-06-29-74 (last modified: LOV-2014-06-20-29, from 01-07-2014)