Security policy

Nordkap is responsible for the technical and organisational security measures within and around its programme. This means that at Nordkap’s programme, we must ensure that the company has the security that is necessary for purposes such as authorisation management and the ability to make register exports and erase personal data. When the programme lacks the functionality to manage personal data, we have internal procedures for this purpose. The measures taken by Nordkap are described in more detail below.

Authentication

All data communication uses Secure Sockets Layer (SSL). A login with user name and password is required to gain access to the service.

Nordkap uses 256-bit SSL encryption and 2048-bit public keys from RSA for encrypted communication. All data communication to and from the User’s computers are encrypted with SSL, the most popular Internet standard for encrypted communication.

Nordkap employs password protection where the login process is completely encrypted, which means that no information is transmitted as unencrypted text. Users’ passwords are stored in one-way encrypted format (with a standardised one-way hash).

The Customer is always the responsible party for the risk of unauthorised use of the Services because the User left a logged in computer unguarded.

Users are continually verified. Every call to Nordkap’s servers means a verification of the authorisation of the logged-in party.

 

Storage and backups

Nordkap’s Services are built on a modern server platform.

Nordkap’s server environment and network are protected by firewalls. In addition, Nordkap proactively monitors and analyses its firewalls and system logs.

Nordkap has comprehensive backup procedures that ensure continuity of its services. Users’ passwords remain encrypted during backups. Complete backups are performed daily.

 

Knowledge and information protection

Only a small number of key personnel know how the security system is designed. All staff are bound by a non-disclosure agreement that prohibits the dissemination of data, information, and the customer’s or user’s personal data. Only authorised personnel have access to the data.

 

Receive notifications on service status

At Nordkap we work hard to ensure that our services are available 24 hours a day, 7 days a week so that you as a customer can work at any time. As a user, you receive automatic e-mails if there is any problem with our services.