Information Security Governance

Information classification

Benify applies information classification to all information used in- and outside of applications.

Risk management

Information security risk management is a continuous process at Benify. We undertake several annual risk analyses and manage all risks according to Benify’s risk acceptance criteria.

Significant changes within the organization, its business processes or information processing facilities which affect information security are each to be controlled by a risk analysis.

Information security audit

Benify continuously undertakes information security audits to ensure compliance to standards, best-practice frameworks, legislations and regulations.

Audits performed by external independent auditors:
• Internal information security audit (annually)
• ISO 27001 certification audit (annually)
• ISAE3000 type 2 report (annually)

Audits/compliance checks performed by Benify:
• (CAIQ) Consensus Assessments Initiative Questionnaire (continuously)

Incidents

All security and data protection incidents are managed by Benify’s security and data protection organization according to establishes policies and procedures.

Supplier assessments

In order to ensure compliance to information security policies and data protection legislations Benify have processes and policies in place to review and assess all new IT systems/services that are introduced in our organization.

Governing documents

Our security policies, procedures and guidelines are documented, internally published and communicated to all employee.

Information security awareness

Benify annually educates, trains and tests all employees as regards information security policies and procedures.

Employee vetting

All our employees are covered by information security agreements and non-disclosure agreements.

Benify performs background checks on all new employee’s and temporary staff. The background check includes education, employment verification, references and for certain positions criminal records.