Cactos Oy is an energy storage provider, which includes the use of cloud service for energy and consumption analysis and statistics to their customers. Cactos Oy always complies with all applicable laws and regulations. Responsibility is one of our key values and a natural part of the organisation’s business.
In its daily operations, Cactos Oy processes personal data and information regarding customers. Cactos Oy’s customers trust us to protect their data, due to which data security is an essential part of our business.
Our Data SecurityPolicy defines the principles and methods by which we ensure a suitable level of both information security and data protection, the lawful processing of personal data, risk management, handling of incidents, responsible operations and the implementation of quality services. We develop and update our data security policy and other related procedures according to the relevant legislation and regulations.
With data security, we strive to ensure the confidentiality, integrity, availability and quality of our data and data systems, and to implement built-in and default data security and protection in all situations. Our operations comply with the laws and regulations established for data protection and security.
We implement and develop our data security using risk-appropriate and cost-effective solutions.Security measures also manage the risks associated with the introduction of new practices and technologies.
The CEO and management team of Cactos Oy are primarily responsible for the implementation of data security and the creation of the necessary environment for it. The management team appoints a data security officer who is responsible for the development and maintenance of the data security management system. The management team defines the organization responsible for data security and the organisation’s responsibilities.
Security work is included in every profession and job and is an ongoing process. We require that each of our employees and partners adhere to this policy and contractual obligations in their operations and are responsible for the security of the data they manage. Each of our employees is required to report any misconduct to our security officer or their supervisor. Our personnel are bound by professional secrecy about the data they handle in the course of their work, and a duty of confidentiality is recorded in employment contracts.
The main responsibility for the data security of a particular data or service lies with Cactos Oy. Cactos Oy is responsible for the IT system’s or service’s data security, compliance with data security requirements, and the continuous monitoring and development of information security.
It is the responsibility of each data controller to report any security breaches or suspected misconduct or breaches of security in accordance with the applicable guidelines, laws and regulations.
Maintaining and developing data security is an ongoing process in which we use administrative, physical and IT solutions. We assess the likelihood and impact of the risks associated with data processing on the quality of our operations and strive to manage those risks through appropriate controls. We have a security management system in place and are committed to continually improving it and evaluating its suitability, adequacy and effectiveness.
We monitor the implementation of our data security on a risk basis, also considering new threats to the operating environment. We continually evaluate our technical security and conduct regular security audits of key environments.
Our data security officer is authorized by the CEO and is thus independently responsible for conducting security-related surveys and initiating problem investigations.Monitoring and reporting on security at a general level is the responsibility of each of our employees. The owners of our processes and operations have an obligation to actively monitor and develop their responsibilities. We train our staff regularly and maintain security awareness through various measures.
Operating models have been defined for handling and reporting possible security breaches.Violation of our security policy and guidelines is considered a security breach. We have defined procedures for dealing with violations and our personnel process provides for appropriate sanctions. If necessary, we co-operate with various authorities and we are in contact with the NationalCyber Security Centre, Finnish Transport and Communications Agency Traficom.
Cactos Oy reviews its data security policy at regular intervals. In the event of changes in the relevant regulations or organizational activities, we will update the content of this policy as necessary. It is the responsibility of our designated security officer to evaluate the matter and update its content.
The Board ofDirectors of Cactos Oy has approved the data security policy.