Information Security Policy

As a professional organization delivering products and services to critical infrastructure, Information Security is a core concern for Heimdall Power as an organization and integrated into all business activities and operations.

We establish our Information Security Management System as per the ISO 27001 requirements and best practices. 

The goal of the Information Security Management System is to ensure that Heimdall Power:
  • complies with internal and external requirements and expectations,
  • complies with relevant laws, rules, and regulations, and
  • operates according to security best practices. 
The Heimdall Power Information Security Management System is based on the following axioms:
  • international standards and best practices,

  • information security controls based on ISO 27001 Annex A,

  • risk management and assessment based on
    ISO 31000 and ISO 27005, and 

  • privacy regulations such as GDPR.

The Information Security Management System applies to all employees and third parties such as consultants, strategic suppliers, partners, and sub-contractors.

Brage Johansen, CEO, 29.06.2021

SUPPLY CHAIN ETHICS

Engaging with our Vendor Partners and Suppliers

We expect our vendor partners to maintain the highest standards of business ethics, integrity and respect for human rights and to become familiar with and comply with our policies as outlined in our Partner Guide. We also expect vendor partners to operate their businesses in compliance with all applicable laws and to maintain lawful environmental, health and safety practices that meet or exceed all applicable laws and standards, as outlined in our Position on Human Trafficking and Slavery.

Heimdall Code of Conduct

The Supplier is to hold and maintain at all times the Heimdall Code of Conduct addressing human rights, worker rights, the environment and corruption.

The Supplier must acknowledge HP’s Code of Conduct in all new contractual arrangements. The Supplier must do this by signing the HP Compliance Letter (exhibit).

The Supplier is obligated to communicate the contents of Compliance Letter (Exhibit) to related entities and subcontractors who support the Supplier in supplying goods, works or services on behalf of HP. This will ensure that subcontractors conduct their business in accordance with the Code of Conduct.

If requested by HP, the Supplier must provide evidence and confirmation of its compliance with the Compliance Letter (Exhibit), including by providing documents and records in support of its compliance.