Privacy by Design

We are a software provider specialized in HR services. This means that our core business is to process the personal data of employees both inside and outside Norway. It's a big responsibility, and we're aware of it.

For us, privacy by design is a matter of course and we might go so far as to say that it's part of our DNA. Privacy by design is also an obligation under the Personal Data Act. This means that we must think about privacy throughout the entire lifecycle of our software. This applies from training and raising employee awareness of what they need to think about in their specific job, via requirements specifications and solution design, how developers should code, what the testing department needs to emphasize to ensure that privacy and information security requirements are properly implemented, to the production deployment, management and operation of HR solutions, where it is important to be prepared for incidents, deviations and, not least, direct attacks.

Our customers take it for granted that we take their employees' privacy very seriously and we want to be transparent about how we secure our customers' employees' personal data. To demonstrate this, we have 4human HRM elected to certify on three (3) information security and privacy standards plus the quality standard ISO 9001. We are ISO certified in:

• ISO 27001 (information security)
• ISO 27018 (personal data in cloud services)
• ISO 27701 (personal data, popularly known as the GDPR standard)
• ISO 9001 (quality)

The certifications tell our customers that we have a systematic approach to information security and privacy and, not least, that the work on information security and privacy is a continuous process. Our most important partners are also ISO certified in ISO 27001 and ISO 9001.