
Introduction - Our Approach to Security

The protection of your data is very important to us. We have implemented a variety of security and privacy enhancing technologies in accordance with industry best practices. These measures cover our entire technology stack. Additionally, we work with industry experts to make certain that what we do, we do properly and validly.

The purpose of this documentation is to describe the primary organisational and technical security measures of Juristic ApS (CVR no. 42353639) ("Juristic"). The documentation has been prepared by Juristic and is intended to serve as external documentation in order to provide Juristic's existing and future customers with an overview of (i) information security, organization and internal guidelines; (ii) data processing; (iii) the structure of Juristic's software platform and operating environment (the "Platform"); and (iv) other compliance measures.



Internal Organisation and Policies



As a technology supplier, Juristic seeks to ensure that data and information are protected in the best possible way. This is also the case in relation to the required responsibility roles as recommended by ISO 27001. To comply with these standards, a supplier should have allocated all responsibilities for information security in relation to the performance of a contract entered into. ISO 27001 defines four primary roles: (a) top management; (b) an information security coordinator; (c) an information security committee; and (d) a system owner.

Although Juristic is a start-up, and as a result there is a natural staffing limitation, responsibilities have been allocated as appropriately as possible.

The top management consists of Christian Hjortshøj (CEO) and Kean Ottesen (CTO). The responsibilities of the top management are - for IT security purposes - to set the security level for Juristic, to establish and deploy an Information Security Management System (ISMS), and to ensure that the employees are qualified to work securely with the organisation. The latter is done both through training at start-up and through a general principle, applied across tools and vendors, of "least privileges", which means that employee access is restricted so that employees do not have access to more than they need.

Due to the size of the organisation, Juristic does not yet have a separate security coordinator or information security committee, so these roles also lie with senior management.

A system owner has operational responsibility for ensuring that systems work and that customers have access to the information they need, when they need it (availability). Similarly, it is the responsibility of the system owner to ensure the accuracy and completeness of information (integrity). Sensitive information must be protected from unauthorised access (confidentiality).

Juristic has adopted a procedure for rights and responsibilities alignment in the context of internal re-organisations, changes of employment and terminations. Juristic's security policies are - to the degree possible - modeled after the requirements in ISO 27001 and ENISA. Juristic plans to begin the formal certification process within a short time. Please contact CEO, Christian Hjortshøj (ch@juristic.io) for further information if this is a requirement for your organisation.

As mentioned above, Juristic as an organisation applies the principle of "least privileges", which obviously has an impact on access management. Juristic employees have access only to the information and personal data they are specifically authorized to use in relation to the performance of the agreement. Logs of access and access history may be provided at the customer's request on a regular basis so that this principle can be verified.

Juristic has implemented the following policies and procedures, which are available as needed and on request:

Antivirus and Malware Policy
Business Continuity Plan
Information Security Incident Procedure
Information Security Policy
Patch Management Policy

Updated on: 20/08/2024