Information Security Governance
Benify applies information classification to all information used inside and outside of applications.
Information security risk management is a continuous process at Benify. We undertake several annual risk analyses and manage all risks according to Benify’s risk acceptance criteria.
Significant changes within the organization, its business processes or information processing facilities which affect information security are each to be controlled by a risk analysis.
Information security audit
Benify continuously undertakes information security audits to ensure compliance with standards, best-practice frameworks, legislation and regulations.
Audits performed by external independent auditors:
• Internal information security audit (annually)
• ISO 27001 certification audit (annually)
• ISAE3000 type 2 report (annually)
Audits/compliance checks performed by Benify:
• Consensus Assessments Initiative Questionnaire (CAIQ) (continuously)
• CIS Top 20 (continuously)
All security and data protection incidents are managed by Benify’s security and data protection organization according to established policies and procedures.
To ensure compliance with information security policies and data protection legislation, Benify has processes and policies in place to review and assess all new IT systems/services that are introduced in our organization.
Our security policies, procedures and guidelines are documented, internally published and communicated to all employees.
Information security awareness
Benify annually educates, trains and tests all employees on information security policies and procedures.
All our employees are covered by information security agreements and non-disclosure agreements.
Benify performs background checks on all new employees and temporary staff. The background check includes education, employment verification, references and, for certain positions, criminal records.