Information Security Policy of Reykjavík City Preschools
Reykjavík City preschools collect and maintain information related to the operation of the preschools. With this documented Information Security Policy, the preschool wants to emphasize the importance of data protection and information security in the processing of this information.
The purpose of this Policy is to express the commitment of preschools to protect their data against threats, both internal and external, intentional and unintentional. The goal of information security management is to ensure ongoing access to information and minimize damage if it occurs, by preventing or minimizing the effects of incidents that may disrupt data processing or cause leaks.
The preschool maintains, among other things, sensitive personal identifiable information which requires special protection. The interests of parties related to the matters concerned may be harmed if the information falls into the wrong hands, is incorrect, or is not accessible when necessary. Therefore, the preschools have written this security policy concerning the confidentiality, accuracy, and availability of data.
Confidentiality
The preschool ensures that only authorized parties have access to their information.
Data accuracy
Preschools ensure that any recorded information is correct and accurate at all times.
Data availability
Preschools ensure that any recorded information is accessible to authorized individuals who need to use it when necessary. Preschools also ensure that systems and data that may be damaged can be restored with the help of an emergency response plan and stored backups in a secure location.
This security policy is based on current laws and regulations regarding personal data protection and processing. The Security Policy is in full compliance with the Data Protection Authority's Rules No. 299/2001 on the Security of Personal Data and meets the requirements of the ÍST EN ISO/IEC 27001 standard.
Employees who have access to information assets, as well as processors involved in the operation of information systems or information processing, must have access to and be familiar with this Security Policy and the relevant parts of the regulation manual for their work. Sanctions are specified in employment contracts, job descriptions, collective agreements, or laws and can consist of a written reminder or dismissal, depending on the circumstances.