Information security policy

Tosibox is committed to:

• Operating in accordance with the ISO 27001 information security standard,
• Investigate all reports of security vulnerabilities affecting our products and services, and
• Promote cybersecurity in all our operations.

Compliance with ISO 27001 includes regular security audits conducted both internally and externally. In the scope of information security management system are offices in Oulu, Finland and all services provided from Finland by Tosibox.

The information security objectives are:

• Safeguard the confidentiality of customers' information and other sensitive data. In the event of a security breach, the utmost priority is to ensure that the breach is promptly detected and reported.

• Product development is using documented Secure Development Lifecycle (SDLC) process. Throughout the product lifecycle, strict adherence to secure coding practices and guidelines is implemented.

• Identify applicable legislation and ensure compliance with data protection laws, industry regulations, and customer-specific requirements during the design, development, and delivery of products.

• The Information Security Management System is in use and tailored to meet the specific needs of the company.

Tosibox has a cybersecurity team and an officer responsible for monitoring and improving information and cybersecurity as part of Tosibox's daily operations. Cybersecurity team and the officer report to company CEO and the executive management team.

The entire Tosibox staff regularly participates in information and cybersecurity training provided by the company. Every employee is obligated to promptly report security anomalies according to defined internal processes.

All material available on the public web site is labelled public and can be freely distributed. Classified information will be shared only under the NDA with the relevant parties.