eMabler 's Security & Privacy Policy
eMabler 's Security & Privacy Policy
1. PURPOSE AND MOTIVATION
eMabler Oy has implemented an Information Security Management System (ISMS) to ensure its Information Management Systems continuity and protect its customer, employees and partner data in the event of security breaches and malicious attacks. The ISMS implemented by eMabler Oy is compliant with ISO/IEC 27001:2022, the international standard for information security.
Purpose of this security and privacy policy is to help the eMabler team and its contractors to protect eMabler’s customers, partners, team members, operations, know-how and other secrets. Furthermore, eMabler wants to be a significant net contributor to online security with a major positive impact.
Privacy, confidentiality and business continuity are top priorities to us as we are the care keepers and trusted service providers of the online security of our customers and personal end-users. Our customers expect a certain level of governance and security from us, in line with their own policies and practices.
2. UPKEEP
This policy is annually reviewed by the InfoSec team and approved by the Company’s CEO. Practice meets the policy and vice versa, in case of conflict they will be brought in sync.
Any deviations from this Security Policy are documented as Security Exceptions.
Present and future eMabler team and contractors will study this policy and be notified by the CISO / Security Officer when it changes.
3. ACCESS RIGHTS AND CONTROL
All services and devices require user authentication, no open access or community passwords are in use, except when documented and handled as a Security Exception.
All passwords are personal and unique between different services. Passwords are stored only in a safe and encrypted fashion.
Multi-factor authentication is enabled for all internal business services with confidential information.
Access rights to third party and online services, including social media accounts, used in connection with the company’s operations are separately tracked and documented in an Access Matrix. When the team or contractors take a new service in use, it is added to the tracking.
Devices – including both laptops and mobile devices – are configured to automatically lock and require login if left idle. If this is not feasible, then such equipment is documented as a Security Exception and operated only in an access-controlled space.
Physical spaces with unprotected equipment or information are physically access controlled and record of the current keys or access codes is kept in a Key Register. Our office Key Register is maintained by Maria01 office space administrators. Keys are given to the personnel only when there is an actual need. eMabler also has the confidentiality and clean desk policy enforced.
If a team member leaves the team or a contractor stops working for the team, then access rights and keys are immediately revoked or returned accordingly. Offboarding procedures, including revoking of access rights, returning keys and equipment, are done according to an offboarding checklist.
Adding and removing access rights is the responsibility of our owner or administrator of the system or third-party service in question. Supervisor of an employee or a subcontractor should contact and coordinate access rights with respective owners and administrators as part of the onboarding and exit processes. Access Matrix is updated when access rights are modified and reviewed as whole at least once per year in a periodic Security Review. Access rights are granted and revoked based on business needs only.
4. DATA STORAGE, RETENTION AND BACKUPS
All devices, mobiles, computers and removable media storing confidential information are configured to encrypt information at rest with disk or storage encryption. If not feasible for special purpose instruments, then such equipment is documented as a Security Exception and operated only in an access-controlled space.
Personally identifiable information has a defined data retention in the corresponding Data Retention Policy and it is not stored indefinitely unless explicitly so documented.
Online services we provide and sell have a Backup Policy. Distributed repositories, synchronised cloud storage and native backups of online services we depend on are used to safeguard our information and data. Ad hoc backups of devices or data that is not centrally stored are only taken to encrypted media and the media is kept either directly in the team's possession or in a physically access-controlled space.
When removable media or devices are no longer needed to store the data, they are wiped clean of the data before recycling.
5. OWN INFRASTRUCTURE AND PERSONAL DEVICES
Any own infrastructure (for example web servers, gitlab servers, VPN endpoints, IoT devices) and personal devices should be minimized, and they should have clear ownership. Initial installations should be minimal and when new services are added they should be firewalled and authenticated to limit access to authorized use. Personal devices should be auto-updated. Infrastructure systems and devices should be auto-updated when deemed safe or otherwise patched monthly. The person who installed the system is responsible for patching until responsibility is transferred explicitly to another person. If patches include critical security patches, those will be installed as soon as possible.
6. OWN PRODUCTS
Periodic product Security Reviews are kept and documented. Our Product Security Officer has been named and authorized to make decisions required to keep our products and services safe and secure.
6. SUPPLY CHAIN
Security of the supply chain, both subcontractors and technical dependencies, are considered regularly as part of the periodic Security Reviews.
As a notable exception, we cannot assume responsibility for the software or hardware security of charging devices.
7. ZERO-TRUST, REMOTE WORK AND DEVICE SECURITY
No matter where we work from, we should always assume that the environment itself can not be trusted. Don’t let others access the devices you use for work. If you have data to protect on any device or media it should be encrypted in case someone else gets physical access. If you have data to be protected on paper in plain text, always keep it in your hands or behind locks and shred it when done with it. Also keep in mind that it would be best not to have it on paper at all. Lets not keep extra sensitive data with us, only keep the bare minimum that you really need. When you have something sensitive on your screen, keep in mind that there might be prying eyes close by. When you talk aloud, remember that your voice might be heard around you, and snooped on the wire if the service is not end-to-end encrypted. Devices you use for work should automatically lock and require authentication if left idle. There are no trusted networks, all sensitive network usage should be end-to-end encrypted. Finally, in remote access and communications certificates or other mutual authentication should be used and required to make sure that both parties to communication are who or what they should be.
8. INCIDENT REPORTING AND MANAGEMENT
Suspected security incidents and major service interruptions are reported to the InfoSec team, CISO or to the supervisor. Suspected incidents are documented, and an Incident Log is kept. Owner or administrator of the affected data or service should be notified and will lead the incident response process.
9. ONBOARDING AND TRAINING
When you as a team member or contractor introduce new people or companies to work for or with us, it is your responsibility to make them aware of this security policy. When we make security training or instructions available, you should promptly familiarize yourself with the guidance. We follow an onboarding checklist for new employees and contractors.
10. CONFIDENTIALITY AND DATA PROTECTION
Databases, services or registries that contain personally identifiable information have up to date Confidentiality Policies. Applicable data protection legislation and regulation is followed. Personal data should never be collected without a reason and data retention should be planned and minimized both in volume and time. Our Privacy Policy for customer data collected via our website can be found at https://www.emabler.com/privacy-policy.
11. SECURITY ROLES, QUESTIONS AND LIST OF SECURITY DOCUMENTS
eMabler InfoSec team:
- Our Chief Security Officer is: Maria Hovila / Maria@emabler.com
- Security officer is: Ville Parviainen / ville@emabler.com
- Software / product security officer is: Kasper Nurminen / Kasper.nurminen@emabler.com
- CEO: Juha Stenberg / Juha@emabler.com
Customers, Staff & Suppliers: if you have any security concerns or note exceptions, want to create a security incident or have further questions on security related topics, please contact the InfoSec team(security@emabler.com).
Security, threats and risks are about the unexpected, and they constantly evolve. If ever in doubt, consult your eMabler InfoSec team members. There are no stupid questions.
These are eMabler’s security documents in place:
Note: This list might evolve with time. For details, please contact eMabler’s CISO.
eMabler Policies:
POL-1 Acceptable Use Policy
POL-2 Access Management Policy
POL-3 Antivirus Policy
POL-4 Application Security Policy
POL-5 Asset Management Policy
POL-6 Availability Policy
POL-7 Backup Policy
POL-8 Business Continuity Policy
POL-9 Change Management Policy
POL-10 Clean Desk Policy
POL-11 Code Of Conduct Policy
POL-12 Confidentiality Policy
POL-13 Configuration Management Policy
POL-14 Data Classification Policy
POL-15 Data Retention Policy
POL-16 Disaster Recovery Policy
POL-17 Encryption Policy
POL-18 Incident Management Policy
POL-19 Information Security Policy
POL-20 Logging And Monitoring Policy
POL-21 Mobile Device Policy
POL-22 Network Management Policy
POL-23 Password Policy
POL-24 Patch Management Policy
POL-25 Personnel Security Policy
POL-26 Physical Security Policy
POL-27 Remote Access Policy
POL-28 Risk Management Policy
POL-29 Sanctions Policy
POL-30 Social Media Policy
POL-32 Vendor Management Policy
POL-33 Vulnerability Management Policy
eMabler Procedures
PRO-1 Procedure for control of documented information
PRO-2 Management review procedure
PRO-3 Business Continuity and Disaster Recovery Procedures
PRO-4 Contact procedure with local authorities and special interest groups
PRO-5 Employee on- and offboarding procedures
PRO-6 Corrective action procedure
PRO-7 Internal Audit Procedure
PRO-8 Data backup procedures
PRO-9 Patch Management Procedure
PRO-10 Emergency Access to Data
PRO-11 Save disposal and re-use of IT equipment
PRO-12 Vendor Management Procedure
PRO-13 Procedure to Protect Intellectual Property
PRO-14 Guest Management Procedure
PRO-15 Information Security in Projects
Governance Documents
GOV-1 Information Security Context Requirements and Scope
GOV-2 Organizational Roles, Responsibilities And Authorities
GOV-3 Information Security Objectives & Plan
GOV-4 Risk assessment and treatment plan
GOV-5 Information Security Communication Plan
1. PURPOSE AND MOTIVATION
eMabler Oy has implemented an Information Security Management System (ISMS) to ensure its Information Management Systems continuity and protect its customer, employees and partner data in the event of security breaches and malicious attacks. The ISMS implemented by eMabler Oy is compliant with ISO/IEC 27001:2022, the international standard for information security.
Purpose of this security and privacy policy is to help the eMabler team and its contractors to protect eMabler’s customers, partners, team members, operations, know-how and other secrets. Furthermore, eMabler wants to be a significant net contributor to online security with a major positive impact.
Privacy, confidentiality and business continuity are top priorities to us as we are the care keepers and trusted service providers of the online security of our customers and personal end-users. Our customers expect a certain level of governance and security from us, in line with their own policies and practices.
2. UPKEEP
This policy is annually reviewed by the InfoSec team and approved by the Company’s CEO. Practice meets the policy and vice versa, in case of conflict they will be brought in sync.
Any deviations from this Security Policy are documented as Security Exceptions.
Present and future eMabler team and contractors will study this policy and be notified by the CISO / Security Officer when it changes.
3. ACCESS RIGHTS AND CONTROL
All services and devices require user authentication, no open access or community passwords are in use, except when documented and handled as a Security Exception.
All passwords are personal and unique between different services. Passwords are stored only in a safe and encrypted fashion.
Multi-factor authentication is enabled for all internal business services with confidential information.
Access rights to third party and online services, including social media accounts, used in connection with the company’s operations are separately tracked and documented in an Access Matrix. When the team or contractors take a new service in use, it is added to the tracking.
Devices – including both laptops and mobile devices – are configured to automatically lock and require login if left idle. If this is not feasible, then such equipment is documented as a Security Exception and operated only in an access-controlled space.
Physical spaces with unprotected equipment or information are physically access controlled and record of the current keys or access codes is kept in a Key Register. Our office Key Register is maintained by Maria01 office space administrators. Keys are given to the personnel only when there is an actual need. eMabler also has the confidentiality and clean desk policy enforced.
If a team member leaves the team or a contractor stops working for the team, then access rights and keys are immediately revoked or returned accordingly. Offboarding procedures, including revoking of access rights, returning keys and equipment, are done according to an offboarding checklist.
Adding and removing access rights is the responsibility of our owner or administrator of the system or third-party service in question. Supervisor of an employee or a subcontractor should contact and coordinate access rights with respective owners and administrators as part of the onboarding and exit processes. Access Matrix is updated when access rights are modified and reviewed as whole at least once per year in a periodic Security Review. Access rights are granted and revoked based on business needs only.
4. DATA STORAGE, RETENTION AND BACKUPS
All devices, mobiles, computers and removable media storing confidential information are configured to encrypt information at rest with disk or storage encryption. If not feasible for special purpose instruments, then such equipment is documented as a Security Exception and operated only in an access-controlled space.
Personally identifiable information has a defined data retention in the corresponding Data Retention Policy and it is not stored indefinitely unless explicitly so documented.
Online services we provide and sell have a Backup Policy. Distributed repositories, synchronised cloud storage and native backups of online services we depend on are used to safeguard our information and data. Ad hoc backups of devices or data that is not centrally stored are only taken to encrypted media and the media is kept either directly in the team's possession or in a physically access-controlled space.
When removable media or devices are no longer needed to store the data, they are wiped clean of the data before recycling.
5. OWN INFRASTRUCTURE AND PERSONAL DEVICES
Any own infrastructure (for example web servers, gitlab servers, VPN endpoints, IoT devices) and personal devices should be minimized, and they should have clear ownership. Initial installations should be minimal and when new services are added they should be firewalled and authenticated to limit access to authorized use. Personal devices should be auto-updated. Infrastructure systems and devices should be auto-updated when deemed safe or otherwise patched monthly. The person who installed the system is responsible for patching until responsibility is transferred explicitly to another person. If patches include critical security patches, those will be installed as soon as possible.
6. OWN PRODUCTS
Periodic product Security Reviews are kept and documented. Our Product Security Officer has been named and authorized to make decisions required to keep our products and services safe and secure.
6. SUPPLY CHAIN
Security of the supply chain, both subcontractors and technical dependencies, are considered regularly as part of the periodic Security Reviews.
As a notable exception, we cannot assume responsibility for the software or hardware security of charging devices.
7. ZERO-TRUST, REMOTE WORK AND DEVICE SECURITY
No matter where we work from, we should always assume that the environment itself can not be trusted. Don’t let others access the devices you use for work. If you have data to protect on any device or media it should be encrypted in case someone else gets physical access. If you have data to be protected on paper in plain text, always keep it in your hands or behind locks and shred it when done with it. Also keep in mind that it would be best not to have it on paper at all. Lets not keep extra sensitive data with us, only keep the bare minimum that you really need. When you have something sensitive on your screen, keep in mind that there might be prying eyes close by. When you talk aloud, remember that your voice might be heard around you, and snooped on the wire if the service is not end-to-end encrypted. Devices you use for work should automatically lock and require authentication if left idle. There are no trusted networks, all sensitive network usage should be end-to-end encrypted. Finally, in remote access and communications certificates or other mutual authentication should be used and required to make sure that both parties to communication are who or what they should be.
8. INCIDENT REPORTING AND MANAGEMENT
Suspected security incidents and major service interruptions are reported to the InfoSec team, CISO or to the supervisor. Suspected incidents are documented, and an Incident Log is kept. Owner or administrator of the affected data or service should be notified and will lead the incident response process.
9. ONBOARDING AND TRAINING
When you as a team member or contractor introduce new people or companies to work for or with us, it is your responsibility to make them aware of this security policy. When we make security training or instructions available, you should promptly familiarize yourself with the guidance. We follow an onboarding checklist for new employees and contractors.
10. CONFIDENTIALITY AND DATA PROTECTION
Databases, services or registries that contain personally identifiable information have up to date Confidentiality Policies. Applicable data protection legislation and regulation is followed. Personal data should never be collected without a reason and data retention should be planned and minimized both in volume and time. Our Privacy Policy for customer data collected via our website can be found at https://www.emabler.com/privacy-policy.
11. SECURITY ROLES, QUESTIONS AND LIST OF SECURITY DOCUMENTS
eMabler InfoSec team:
- Our Chief Security Officer is: Maria Hovila / Maria@emabler.com
- Security officer is: Ville Parviainen / ville@emabler.com
- Software / product security officer is: Kasper Nurminen / Kasper.nurminen@emabler.com
- CEO: Juha Stenberg / Juha@emabler.com
Customers, Staff & Suppliers: if you have any security concerns or note exceptions, want to create a security incident or have further questions on security related topics, please contact the InfoSec team(security@emabler.com).
Security, threats and risks are about the unexpected, and they constantly evolve. If ever in doubt, consult your eMabler InfoSec team members. There are no stupid questions.
These are eMabler’s security documents in place:
Note: This list might evolve with time. For details, please contact eMabler’s CISO.
eMabler Policies:
POL-1 Acceptable Use Policy
POL-2 Access Management Policy
POL-3 Antivirus Policy
POL-4 Application Security Policy
POL-5 Asset Management Policy
POL-6 Availability Policy
POL-7 Backup Policy
POL-8 Business Continuity Policy
POL-9 Change Management Policy
POL-10 Clean Desk Policy
POL-11 Code Of Conduct Policy
POL-12 Confidentiality Policy
POL-13 Configuration Management Policy
POL-14 Data Classification Policy
POL-15 Data Retention Policy
POL-16 Disaster Recovery Policy
POL-17 Encryption Policy
POL-18 Incident Management Policy
POL-19 Information Security Policy
POL-20 Logging And Monitoring Policy
POL-21 Mobile Device Policy
POL-22 Network Management Policy
POL-23 Password Policy
POL-24 Patch Management Policy
POL-25 Personnel Security Policy
POL-26 Physical Security Policy
POL-27 Remote Access Policy
POL-28 Risk Management Policy
POL-29 Sanctions Policy
POL-30 Social Media Policy
POL-32 Vendor Management Policy
POL-33 Vulnerability Management Policy
eMabler Procedures
PRO-1 Procedure for control of documented information
PRO-2 Management review procedure
PRO-3 Business Continuity and Disaster Recovery Procedures
PRO-4 Contact procedure with local authorities and special interest groups
PRO-5 Employee on- and offboarding procedures
PRO-6 Corrective action procedure
PRO-7 Internal Audit Procedure
PRO-8 Data backup procedures
PRO-9 Patch Management Procedure
PRO-10 Emergency Access to Data
PRO-11 Save disposal and re-use of IT equipment
PRO-12 Vendor Management Procedure
PRO-13 Procedure to Protect Intellectual Property
PRO-14 Guest Management Procedure
PRO-15 Information Security in Projects
Governance Documents
GOV-1 Information Security Context Requirements and Scope
GOV-2 Organizational Roles, Responsibilities And Authorities
GOV-3 Information Security Objectives & Plan
GOV-4 Risk assessment and treatment plan
GOV-5 Information Security Communication Plan
1. PURPOSE AND MOTIVATION
eMabler Oy has implemented an Information Security Management System (ISMS) to ensure its Information Management Systems continuity and protect its customer, employees and partner data in the event of security breaches and malicious attacks. The ISMS implemented by eMabler Oy is compliant with ISO/IEC 27001:2022, the international standard for information security.
Purpose of this security and privacy policy is to help the eMabler team and its contractors to protect eMabler’s customers, partners, team members, operations, know-how and other secrets. Furthermore, eMabler wants to be a significant net contributor to online security with a major positive impact.
Privacy, confidentiality and business continuity are top priorities to us as we are the care keepers and trusted service providers of the online security of our customers and personal end-users. Our customers expect a certain level of governance and security from us, in line with their own policies and practices.
2. UPKEEP
This policy is annually reviewed by the InfoSec team and approved by the Company’s CEO. Practice meets the policy and vice versa, in case of conflict they will be brought in sync.
Any deviations from this Security Policy are documented as Security Exceptions.
Present and future eMabler team and contractors will study this policy and be notified by the CISO / Security Officer when it changes.
3. ACCESS RIGHTS AND CONTROL
All services and devices require user authentication, no open access or community passwords are in use, except when documented and handled as a Security Exception.
All passwords are personal and unique between different services. Passwords are stored only in a safe and encrypted fashion.
Multi-factor authentication is enabled for all internal business services with confidential information.
Access rights to third party and online services, including social media accounts, used in connection with the company’s operations are separately tracked and documented in an Access Matrix. When the team or contractors take a new service in use, it is added to the tracking.
Devices – including both laptops and mobile devices – are configured to automatically lock and require login if left idle. If this is not feasible, then such equipment is documented as a Security Exception and operated only in an access-controlled space.
Physical spaces with unprotected equipment or information are physically access controlled and record of the current keys or access codes is kept in a Key Register. Our office Key Register is maintained by Maria01 office space administrators. Keys are given to the personnel only when there is an actual need. eMabler also has the confidentiality and clean desk policy enforced.
If a team member leaves the team or a contractor stops working for the team, then access rights and keys are immediately revoked or returned accordingly. Offboarding procedures, including revoking of access rights, returning keys and equipment, are done according to an offboarding checklist.
Adding and removing access rights is the responsibility of our owner or administrator of the system or third-party service in question. Supervisor of an employee or a subcontractor should contact and coordinate access rights with respective owners and administrators as part of the onboarding and exit processes. Access Matrix is updated when access rights are modified and reviewed as whole at least once per year in a periodic Security Review. Access rights are granted and revoked based on business needs only.
4. DATA STORAGE, RETENTION AND BACKUPS
All devices, mobiles, computers and removable media storing confidential information are configured to encrypt information at rest with disk or storage encryption. If not feasible for special purpose instruments, then such equipment is documented as a Security Exception and operated only in an access-controlled space.
Personally identifiable information has a defined data retention in the corresponding Data Retention Policy and it is not stored indefinitely unless explicitly so documented.
Online services we provide and sell have a Backup Policy. Distributed repositories, synchronised cloud storage and native backups of online services we depend on are used to safeguard our information and data. Ad hoc backups of devices or data that is not centrally stored are only taken to encrypted media and the media is kept either directly in the team's possession or in a physically access-controlled space.
When removable media or devices are no longer needed to store the data, they are wiped clean of the data before recycling.
5. OWN INFRASTRUCTURE AND PERSONAL DEVICES
Any own infrastructure (for example web servers, gitlab servers, VPN endpoints, IoT devices) and personal devices should be minimized, and they should have clear ownership. Initial installations should be minimal and when new services are added they should be firewalled and authenticated to limit access to authorized use. Personal devices should be auto-updated. Infrastructure systems and devices should be auto-updated when deemed safe or otherwise patched monthly. The person who installed the system is responsible for patching until responsibility is transferred explicitly to another person. If patches include critical security patches, those will be installed as soon as possible.
6. OWN PRODUCTS
Periodic product Security Reviews are kept and documented. Our Product Security Officer has been named and authorized to make decisions required to keep our products and services safe and secure.
6. SUPPLY CHAIN
Security of the supply chain, both subcontractors and technical dependencies, are considered regularly as part of the periodic Security Reviews.
As a notable exception, we cannot assume responsibility for the software or hardware security of charging devices.
7. ZERO-TRUST, REMOTE WORK AND DEVICE SECURITY
No matter where we work from, we should always assume that the environment itself can not be trusted. Don’t let others access the devices you use for work. If you have data to protect on any device or media it should be encrypted in case someone else gets physical access. If you have data to be protected on paper in plain text, always keep it in your hands or behind locks and shred it when done with it. Also keep in mind that it would be best not to have it on paper at all. Lets not keep extra sensitive data with us, only keep the bare minimum that you really need. When you have something sensitive on your screen, keep in mind that there might be prying eyes close by. When you talk aloud, remember that your voice might be heard around you, and snooped on the wire if the service is not end-to-end encrypted. Devices you use for work should automatically lock and require authentication if left idle. There are no trusted networks, all sensitive network usage should be end-to-end encrypted. Finally, in remote access and communications certificates or other mutual authentication should be used and required to make sure that both parties to communication are who or what they should be.
8. INCIDENT REPORTING AND MANAGEMENT
Suspected security incidents and major service interruptions are reported to the InfoSec team, CISO or to the supervisor. Suspected incidents are documented, and an Incident Log is kept. Owner or administrator of the affected data or service should be notified and will lead the incident response process.
9. ONBOARDING AND TRAINING
When you as a team member or contractor introduce new people or companies to work for or with us, it is your responsibility to make them aware of this security policy. When we make security training or instructions available, you should promptly familiarize yourself with the guidance. We follow an onboarding checklist for new employees and contractors.
10. CONFIDENTIALITY AND DATA PROTECTION
Databases, services or registries that contain personally identifiable information have up to date Confidentiality Policies. Applicable data protection legislation and regulation is followed. Personal data should never be collected without a reason and data retention should be planned and minimized both in volume and time. Our Privacy Policy for customer data collected via our website can be found at https://www.emabler.com/privacy-policy.
11. SECURITY ROLES, QUESTIONS AND LIST OF SECURITY DOCUMENTS
eMabler InfoSec team:
- Our Chief Security Officer is: Maria Hovila / Maria@emabler.com
- Security officer is: Ville Parviainen / ville@emabler.com
- Software / product security officer is: Kasper Nurminen / Kasper.nurminen@emabler.com
- CEO: Juha Stenberg / Juha@emabler.com
Customers, Staff & Suppliers: if you have any security concerns or note exceptions, want to create a security incident or have further questions on security related topics, please contact the InfoSec team(security@emabler.com).
Security, threats and risks are about the unexpected, and they constantly evolve. If ever in doubt, consult your eMabler InfoSec team members. There are no stupid questions.
These are eMabler’s security documents in place:
Note: This list might evolve with time. For details, please contact eMabler’s CISO.
eMabler Policies:
POL-1 Acceptable Use Policy
POL-2 Access Management Policy
POL-3 Antivirus Policy
POL-4 Application Security Policy
POL-5 Asset Management Policy
POL-6 Availability Policy
POL-7 Backup Policy
POL-8 Business Continuity Policy
POL-9 Change Management Policy
POL-10 Clean Desk Policy
POL-11 Code Of Conduct Policy
POL-12 Confidentiality Policy
POL-13 Configuration Management Policy
POL-14 Data Classification Policy
POL-15 Data Retention Policy
POL-16 Disaster Recovery Policy
POL-17 Encryption Policy
POL-18 Incident Management Policy
POL-19 Information Security Policy
POL-20 Logging And Monitoring Policy
POL-21 Mobile Device Policy
POL-22 Network Management Policy
POL-23 Password Policy
POL-24 Patch Management Policy
POL-25 Personnel Security Policy
POL-26 Physical Security Policy
POL-27 Remote Access Policy
POL-28 Risk Management Policy
POL-29 Sanctions Policy
POL-30 Social Media Policy
POL-32 Vendor Management Policy
POL-33 Vulnerability Management Policy
eMabler Procedures
PRO-1 Procedure for control of documented information
PRO-2 Management review procedure
PRO-3 Business Continuity and Disaster Recovery Procedures
PRO-4 Contact procedure with local authorities and special interest groups
PRO-5 Employee on- and offboarding procedures
PRO-6 Corrective action procedure
PRO-7 Internal Audit Procedure
PRO-8 Data backup procedures
PRO-9 Patch Management Procedure
PRO-10 Emergency Access to Data
PRO-11 Save disposal and re-use of IT equipment
PRO-12 Vendor Management Procedure
PRO-13 Procedure to Protect Intellectual Property
PRO-14 Guest Management Procedure
PRO-15 Information Security in Projects
Governance Documents
GOV-1 Information Security Context Requirements and Scope
GOV-2 Organizational Roles, Responsibilities And Authorities
GOV-3 Information Security Objectives & Plan
GOV-4 Risk assessment and treatment plan
GOV-5 Information Security Communication Plan


We create a more sustainable future by making eMobility more accessible with our Open EV Charging Platform.


Support Portal
Security & Legal
All rights reserved | © 2025 eMabler


We create a more sustainable future by making eMobility more accessible with our Open EV Charging Platform.


Support Portal
Security & Legal
All rights reserved | © 2025 eMabler


We create a more sustainable future by making eMobility more accessible with our Open EV Charging Platform.


Support Portal
Security & Legal
All rights reserved | © 2025 eMabler


We create a more sustainable future by making eMobility more accessible with our Open EV Charging Platform.


Support Portal
Security & Legal
All rights reserved | © 2025 eMabler


We create a more sustainable future by making eMobility more accessible with our Open EV Charging Platform.


Support Portal
Security & Legal
All rights reserved | © 2025 eMabler