Schibsted continuously complies with relevant laws, regulations, and contractual demands.
To ensure compliance with legal, statutory, regulatory, and contractual obligations related to information security, all such requirements should be explicitly identified, documented, and kept up to date for each information asset and organization. Appropriate procedures shall be implemented to ensure compliance with requirements related to property rights and the use of proprietary software products.
Records shall be protected from loss, destruction, falsification, unauthorized access, and unauthorized release per legislative, regulatory, contractual, and business requirements. Privacy and protection of personally identifiable information (PII) shall be ensured as required in the relevant regulation. Encryption shall be used in compliance with all relevant agreements, legislation, and regulations.
To ensure that information security is implemented and operated per the requirements set forward in this document, the organization shall be audited regularly or when significant changes occur. Managers shall regularly review the compliance of information processing and procedures within their area of responsibility. Information systems shall be regularly reviewed for compliance with appropriate security requirements in this and other related documents.
Compliance issues with the Schibsted Security policy shall be reported to the Chief Security Officer (CISO).