
Corporate Security Policy
We have developed our security framework using best practices in the SaaS industry. All NCSC steps and guidelines, including the NCSC Risk Management Regime, are covered within our framework.
As a service that processes personal information in our exam platform WISEflow on behalf of our client institutions, we are subject to the EU Privacy Regulation (EU 2016/679) of 27 April 2016 in the capacity of a 'data processor', and we therefore ensure that our service remains compliant with the law. Our customers are subject to the same legislation as the 'data controller', and through reciprocal data processing agreements we ensure that our customers comply with the requirements of the legislation. Our procedure for ensuring compliance with the General Data Protection Regulation is checked annually in an IT-security review based on ISAE3402 standards and certificate.
We protect personal and sensitive information, both internally and in relation to our service WISEflow, to the greatest extent possible. We use encrypted connections, encrypted hard drives and secure entrances, and we encrypt sensitive personal information such as personal identification numbers, birth numbers, etc. We comply with GDPR legislation and have procedures for this, as well as for retention of our own and our clients' personal data. For this, we have separate Data Processing Agreements with all our clients.
Every year an external evaluation by an IT auditor is conducted and an annual IT security statement is produced by UNIwise. The procedures are continuously verified to see if they are followed and documented. Internally, UNIwise also conducts an IT security meeting each quarter, where we take stock of the policies, procedures, controls and documentation.
“Being providers of a digital exam and assessment platform, corporate security is alpha and omega. Ensuring that we live up to the quality standards of data protection and data storage are the ground pillars of conducting business at UNIwise.”
— Chief Product Architect at UNIwise, Mads Stenhøj Andresen
Our key security objectives include:
Customer Trust and Protection – consistently deliver superior product and service to our customers while protecting the privacy and confidentiality of their information.
Availability and Continuity of Service – ensure ongoing availability of the service and data to all authorized individuals and proactively minimize the security risks threatening service continuity.
Information and Service Integrity – ensure that customer information is never corrupted or altered inappropriately.
Compliance with Standards – implement processes and controls to align with current international regulatory and industry best practice guidance. We have designed our security program around best-of-breed guidelines for cloud security. In particular, we leverage standards within the framework of ISO 27001/2, as well as the EU Privacy Regulation (EU 2016/679).
We continuously improve our policies, procedures, documentation and operational management. We are a member of the Confederation of Danish Industry and DI Digital and follow the rules and regulations as published here.