Security and compliance

Our information security is based on risk management. The information security management system sets guidelines for risk management and damage minimisation, data classification, and information security roles, anchored in senior management. The information security status is reported to the board of directors of Sigma2.

The use of our resources is subject to an Acceptable Use Policy, which, among other things, requires that the resources be used for the research purposes provided in the project application, and that security incidents are reported to relevant authorities and Sigma2. Users must comply with a Password Policy for access to the resources, and we have a Privacy Statement related to the use of personal data in Sigma2.

One of Sigma2's core values is transparency. In information security we uphold this by, among other things, maintaining a public list of incidents and maintenance outages.
 
The operational information security of Sigma2's resources is monitored by Sigma2's CS-IRT, which can be reached at csirt@sigma2.no. Our ISP is Sikt, which operates the Cybersecurity Center for Research and Education (eduCSC) as the IRT, and they also monitor our network connections.
 
Sigma2 and the NRIS organisation certify their employees in the ITSM framework, FitSM.