This is how we work with security at Northmill

Information security, IT security and data protection (GDPR)

At Northmill, protecting our customers’ data, transactions and digital services is fundamental to our business. Our work with information and IT security aims to protect Northmill’s systems and infrastructure and ensure that outsourced IT services are handled with the same high level of control and security.

High availability and strong security in our digital services are prerequisites for being able to deliver modern banking services. As technology develops and our services become increasingly digital, the scope and importance of information and IT security for Northmill also increase.

Our security framework is based on four fundamental principles: confidentiality, integrity, availability and traceability. Information and business‑critical systems must always support the needs of the business, while being secure and well controlled. The overall guidelines for information security at Northmill are set by the Board of Directors.

Data protection (GDPR)

Northmill processes personal data in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR). We have clear processes, procedures and controls to ensure that personal data is processed lawfully, transparently and securely throughout its lifecycle.

You can find the Northmill Privacy Policy here.

Physical security

Northmill’s work with physical security includes, among other things, protecting technical equipment outside the office, fire safety, protection of employees in the workplace and office security. Physical safeguards complement our digital controls and ensure that critical information and assets are protected in all environments in which we operate.

Security is part of everything we do

Security is a shared responsibility within Northmill. Each employee is responsible for following our rules and instructions for the protection of information, and each manager is responsible for ensuring compliance within their area of responsibility.

Northmill conducts proactive and structured security work that addresses both internal and external threats. We have established processes for managing changes in our IT environment in order to reduce the risk of incidents and vulnerabilities.

We also work continuously to increase awareness of security risks among both employees and customers. This is done through recurring training for employees and consultants, internal and external information efforts, monitoring of the external threat landscape, clear instructions and active communication about current fraud schemes and other risks.

All employees and consultants at Northmill participate in recurring security training. We follow up and improve our security work through regular surveys and evaluations of both the work environment and the security culture.