The purpose of this Data Security Policy (“Policy”) is to describe Appsco AS's security policy regarding customer information, including without limitation personal information collected and processed by Appsco AS's online services.
Specifically, this Policy is intended to identify Appsco AS's policies, procedures, and auditing and training practices utilized for data security, and our resulting responsibilities to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Appsco AS provides its customers with online data processing services. In this capacity, we do not own or control any of the information we process on behalf of our customers; all such information is owned and controlled by our customers. This customer information is stored in a secure facility of a third-party independent data processor service provider on hardened systems using industry standard data security methods. Access to this information is restricted to authorized personnel only as dictated by operational policies.
Appsco AS also collects personal information from identifiable persons for purposes of product registration and support, and to complete transactions. This information may be stored on Appsco AS's internal computer network or in offline filing systems. Access to this information is restricted to authorized personnel only as dictated by operational policies.
The following sections describe Appsco AS's comprehensive approach to ensuring enterprisewide compliance with its Policy. This consists of four (4) major areas: Security, Personnel Education, Audits and Contracts.
Security of data is the cornerstone of verifying privacy of data. Appsco AS maintains a rigorous security posture through focused methodology. It is founded on the implementation of best practices and security policies in five (5) major areas providing enterprise wide coverage including:
Key policies in place that contribute to the verification and compliance with the Policy are:
Operational procedures demonstrating compliance with the Policy are:
The above referenced policies and procedures are documented and available for review.
Our personnel consist of employees and contractors.
This Security Policy is self-verified periodically by Appsco AS's Security Officer. The Security Officer is responsible for:
In addition, Appsco AS, through its internal audit processes, conducts an audit of its security controls a minimum of once per year. This independent review assesses the physical security, network security and operational policies and controls in place to protect customer data. The latest copy of the security review is ava ilable to customers, personnel and prospects upon request.
Prior to (i) processing any personal information on behalf of an individual or entity, or (ii) transferring any personal information, Appsco AS requires contracts with data security provisions consistent with by this Security Policy.
As a condition of employment, all Appsco AS personnel must sign a confidentiality agreement.