top of page

Information Security Policy



The policy describes the focal points of the organisation regarding the protection and treatment of information, including personal information. The policy applies to all information assets and operation of the organisation irrespective of the format in which the information is stored, such as electronically, on paper, as knowledge preserved by individuals or communications. The policy, moreover, covers all information assets from third parties that Tern Systems has in its possession and/or which the organisation has asked a third party to manage on its behalf. The policy applies to all employees, the Board of Directors and contractual entities who have access to the organisation ́s information.​

Review and Approval

This policy is reviewed and approved according to the company's agenda for regular management review meetings, the CEO and Directors shall review this equal opportunity policy every three years.


Director of Administration is responsible for implementing this policy.


The Directors are responsible for all information assets that are formed in their divisions, and for ensuring that their employees follow the rules and instructions applicable to information security. The policy is to be presented to employees and other entities that are granted access to sensitive information assets when working for the organisation and is to be accessible on the organisation’s intranet and external website.


Tern Systems works toward ensuring the security of information assets through formal procedures that support continuity in operations and minimise operational risk.


Tern Systems strives to:


Maximise information security, including information systems owned by or in the possession of the organisation with regards to confidentiality, integrity and availability.


Protect information assets from unauthorised access so as to prevent inappropriate use, changes, disclosure or destruction of important and sensitive information.


Encourage and maintain awareness of information security within the organisation, including Board of Directors as well as other entities that are given access to organisational information.


Follow laws and regulations on information management, information security and general data protection that apply to the organisation.


Continuously work on improvements including regular risk assessments.


Provide annual security training focusing on current cyber security risks and prevention methods to all employees. 


Provide specialised training to IT staff and those in sensitive roles.


To fulfil the purpose of the policy, the organisation is currently working on implementing ÍST EN ISO/IEC 27001.

bottom of page