DNV is committed to safeguarding both our customers' and our own information assets and personal data. Recognizing that robust information security is not only a business enabler but also crucial for protecting our employees, customers, and reputation in the marketplace and public at large.
DNV will provide the necessary resources and management commitment for adequate security of the information assets in our possession, continually improving the information security management system and complying with applicable legal requirements. It is, however, the personal responsibility and security consciousness of every DNV employee that will make the biggest impact on information security.
DNV employees are contractually obliged to maintain strict customer confidentiality. In accordance with local laws and regulations, they undergo background checks and sign our Code of Conduct before being hired.
Our Global Shared Services (GSS) IT function invests significant resources in continuously monitoring and preventing new and emerging cyber threats and potential vulnerabilities in our IT systems in line with best practices. We work on the cyber-security principle of ‘assume a breach’ and invest in both preventive actions and our ability to detect and respond to such events.
In partnership with our main IT vendors, IBM and Microsoft, we use advanced AI-enabled tools to identify the most significant threats, and to detect and respond to cyber-attacks. Phishing and delivery of malware by e-mail are common attack vectors, and we mitigate these risks by heavily building cyber security awareness and competence among our employees.
To ensure that DNV adheres to the highest level of data protection, we are ISO/IEC 27001:2022 certified across the Group. We have a detailed information classification system to segment and secure sensitive information within our IT system and use regular audits to identify opportunities for improvements.
In order to ensure the confidentiality, integrity and availability of our information assets, we have established an Information Security Management System (ISMS) compliant with ISO/IEC 27001:2022. The ISMS defines the policies, roles and responsibilities, processes and controls that govern how we manage and protect our information and IT systems. The ISMS also helps us to comply with the relevant laws and regulations, such as the GDPR, and to meet the expectations of our customers and stakeholders. We regularly monitor, review and improve our ISMS to maintain its effectiveness and alignment with our business objectives.
To run the daily business in our organization it is necessary to handle personal data of our employees, customers and business partners. We are committed to protecting personal data according to the EU/EEA General Data Protection Regulation (GDPR).
DNV sees data and information as key enablers for creating customer and business value, achieving operational excellence, and fostering innovation.
DNV is continually aiming to improve data management processes and technologies, by focusing on competencies, collaboration across business units and data exploration culture.
DNV has a policy to ensure lawful and responsible use of Artificial Intelligence technology. This includes acquisitions, use or development of AI models, components, services, technologies and applications in DNV.