Home / Sustainability / Privacy and Data Security

Privacy and Data Security

How We Ensure Privacy and Data Security  
At Addnode Group, safeguarding privacy and maintaining robust data security measures are at the heart of our operations. We strive to uphold the highest possible standards of security and transparency to protect our customers, employees, and stakeholders. Below, we outline our comprehensive approach to security and data privacy.

Cybersecurity is a top priority at Addnode Group, ensuring robust protection and trust across all companies. At the group level, a comprehensive cybersecurity policy sets a standard for cybersecurity maturity and oversight across all subsidiaries, adopted by the Addnode Group Board and governed by the respective division heads. A dedicated group-wide cybersecurity team provides continuous support to enhance resilience, monitor risks, and implement best practices.  
 
As a decentralized organization, each of our subsidiaries is responsible for implementing its own data protection strategy. These data protection strategies are designed to meet and often exceed legal requirements. To ensure transparency and compliance when collecting data, the majority of our subsidiaries’ policies clearly define the purposes for data collection, detail the methods used, and specify if and how third parties may access the data, including the purposes for such access. Further, most of our companies empower customers with robust data control rights, including the ability to access, correct, and delete their personal information, ensuring respect for individual privacy. Additionally, the majority of our subsidiaries implement strict data retention policies, ensuring personal data is deleted after a defined period, which minimizes risks associated with prolonged data storage. To further strengthen data security, all subsidiaries implement access control measures to protect personal and sensitive information. Some subsidiaries further enhance these protections by employing advanced techniques, such as encryption and de-identification, to add an extra layer of security.  

Responsibility for privacy and data security rests at the highest levels within each subsidiary, overseen by C-suite executives, board members, designated CISOs, or risk officers. This structure underscores our commitment to safeguarding data and maintaining the trust of those who rely on us. 

In the event of a data breach or security incident, proactive and reactive measures are in place across all subsidiaries. These efforts are bolstered by cybersecurity initiatives implemented at the Group level, ensuring a strong and consistent foundation across the organization. To further strengthen our cybersecurity efforts, all subsidiaries prioritize employee training to ensure that staff understand their responsibilities in safeguarding data and maintaining security protocols. Additionally, our companies strive to educate customers on protecting themselves online when using our products and services and aim to embed data protection safeguards into offerings whenever feasible. To uphold rigorous information security standards, companies across the Group conduct regular internal and external audits, ensuring compliance with industry best practices and maintaining up-to-date systems. 

 
Management systems and certifications  
For many of our subsidiaries, certifications determine how different activities are managed and are often prerequisites for qualifying as providers in certain customer segments. Addnode Group’s subsidiaries held, or were working to obtain, the following certifications at the end of 2024:  
 

  • All of Technia’s major offices are certified for quality management under ISO 9001 and environmental management under ISO 14001. Technia offices in Karlsruhe (Germany), Kista (Sweden), Milton Keynes (UK), Nieuwegein (Netherlands), and Pune (India) are certified for information security under ISO 27001. 
  • Symetri UK is certified for quality management under ISO 9001. Efforts are underway to certify more of Symetri’s operations. 
  • Service Works Global (SWG) is certified for quality management under ISO 9001 and information security under ISO 27001 in all regions except the Nordics. In Sweden, SWG meets information security requirements according to the SKR KLASSA tool. 
  • Decerno and Sokigo are certified for information security under ISO 27001. 
  • Decerno, Icebound, and Sokigo are FR 2000 certified. FR 2000 is an integrated management system for quality, environment, workplace safety, and recruitment. 
  • Decisive holds the Norwegian environmental management certification Miljøfyrtårn. 
  • Forsler & Stjerna is working to achieve quality management certification under ISO 9001 during 2025. 
  • Canella, Intraphone, and Stamford are working to achieve information security certification under ISO 27001 during 2025. 

 

 
Looking Ahead 
Security and data privacy are ongoing commitments at Addnode Group. We continuously invest in advanced technologies, rigorous training, and proactive strategies to adapt to the evolving security landscape. This is just a snapshot of our efforts to ensure security and data privacy. We are proud of our progress and remain dedicated to fostering trust and safeguarding information. 

Related

Whistleblower Policy

Whistleblower Policy
Digital Twins

Digital Twins
Case Studies

Case Studies