Nobina is the Nordic region’s largest and most experienced public transport service provider. Every day, Nobina ensures that people get to work, school or activities by delivering contracted public transport in Sweden, Norway, Finland and Denmark. The Group is the industry leader in terms of profitability, development and promoting initiatives for a healthier sector.
As part of the chain of essential services, Nobina actively strives to protect the privacy of, and information about, our passengers and PTAs (clients).
How we protect your information
Nobina has established processes, procedures and technical measures to proactively and reactively improve the level of security. All of these measures are designed to ensure that your information is managed securely and is not accessible to unauthorised individuals.
Nobina’s information security work addresses both technical and organisational safeguards and is conducted in accordance with good security practice inspired by the security requirements of ISO 27001/27002.
Work is coordinated and governed centrally by the Group’s information security function, where the information security manager and IT security manager, together with the data protection organisation, establish policies and guidelines that are reflected in documented procedures and security measures.
Policies, regulations and security measures are based on information security risks and supplemented with legal requirements, such as the General Data Protection Regulation (GDPR) and other possible customer requirements, for example, requirements from our clients.
All of the Group’s companies and their operational units continuously carry out internal inspections with periodic supporting inspections from central functions.
An extract of Nobina’s safeguards relating to information security and the processing of personal data is presented below.
- Ensure an adequate level of protection for all the Nobina Group’s information assets in terms of confidentiality, accuracy and accessibility;
- Actively work to make information security an integrated part of the entire life cycle of the applications or services, including acquisitions, development, change, maintenance and distribution, that directly or indirectly affect services in the Nobina Group;
- Ensure that information security is an integrated part of all of Nobina’s processes;
- Ensure that essential IT processes, such as authorisation management, reliability and change management are documented, verified and traceable;
- Limit access to the Nobina Group’s information to only authorised individuals and regularly review access;
- Ensure that the Nobina Group’s information assets are secure from unauthorised physical access or damage, such as fire or power failure;
- Ensure there is a disaster recovery plan for information systems and infrastructure that directly, or indirectly, affect services in the Nobina Group;
- Have established procedures and methods for risk assessment and risk management;
- Have established rules for secure system development and guidelines for creating secure code;
- Have established information security rules for supplier relationships and managing security in supplier agreements;
- Have established rules for managing information security incidents and additional improvements;
- Train staff in security awareness; and
- Have established rules and procedures for review and compliance.