As the leading provider of technology and services within payroll and HR in the Nordics, we want to ensure that our customers are always supported by safe, secure solutions. As information security is the utmost important element of all digital business, we want to ensure safe and secure processing of your data. We want to be your trusted partner and the security and privacy of your data is one of our top concerns.
We continuously look for ways to improve our product and platform performance and protect the privacy of your and your customers’ data and prevent it from unauthorized access at all time. Our compliance program is here to help meet your organization’s compliance needs and we rely on industry best practices to get you there.
We review and update security policies regularly, provide security training, perform application and network security testing, monitor compliance with security policies and conduct internal and external risk assessments.
Our goal is to help you understand our commitment to comply with applicable privacy legislation, including GDPR. Aditro Trust & Privacy Trust Center provides you more information on our security and quality management.
Security, Privacy and Quality
You can trust your data with us.
Security Risk Management
Information security risks are part of Aditro’s risk management scope. Each organizational unit identifies security risks in their daily work, together with top-to-bottom risk management for high-level risks. The risks are managed in accordance with the ISO 31000 framework.
We believe that skilled and trained employees are the first line of defense against financial fraud and phishing attempts. In addition to mandatory annual security training, Aditro offers training for technical tools and security best practices throughout the entire organization, at all locations.
Information security starts with architectural design. We first ensure that security can be guaranteed on a design level, and then using various technical solutions we establish layered security defense and monitoring to protect assets like customer data. Daily operations include various security checks, alarms and audits to ensure the designed security levels are maintained.
Read more in Aditro’s Global Security Policy
Aditro recognizes the importance of Personal Data and of respecting the privacy rights of individuals. Due to the nature of our business almost all the data that we handle has its origin in the employment relationship between our customers and their employees. The data that follows from such a relationship can be sensitive and therefore deserves special care. Aditro is committed to integrating privacy in its products and services so that our customers are able to be compliant in using our offerings.
A set of policies, processes and instructions are trained to relevant business units to ensure everyone working with data understands the value of data and how such data should be treated. Specific policies are related to data processing operations and data life cycle phases so data is protected at each moment in time. Processes ensure that specific data subject requests are managed accordingly and that removal processes are performed for outsourcing services.
Privacy is not only a set of rules, it is a cultural mindset that should be deeply entrenched within all lines of business. The Governance Framework ensures responsibilities are defined, not only in relation to rules but also in relation to data.
A set of controls ensures we follow up and measure performance to continuously improve our Privacy standards.
The correct treatment of data in relation to requirements is handled through a standard classification that relates to all data we process on our customers behalf. Adding intelligence to data compounds our understanding and simplifies data management.
Aditro invests to the quality and compliance in its products and operations, to ensure customer satisfaction. Aditro Business Management System covers the whole Aditro Group (i.e all companies and Nordic premises), containing the controlled processes and documentation for:
- Quality (e.g ISAE 3402 type II reporting)
- Security (ISO 27001:2013)
- Data Privacy (ISO 27701:2019)
- Environmental Management (ISO 14001:2015)
- Risk management (ISO 31000:2015)
- Business Continuity (ISO 22301:2012)
Together with the centralized management and reporting, each Aditro area ensures the compliance and regulative obligations are met.
Aditro’s core values are “Leading”, “Committed” and “People Centric”. Our aim is to be Leading and Committed also in environmental aspects by operating in compliance with requirements of ISO 14001. As a service and applications provider, Aditro’s major impact on the environment is set by actions and decisions made by people. Aditro as a company commits to a responsible way of conducting its own business operations and protect the environment.
We evaluate suppliers environmental impact (Our hosting partner Elisa commits to environmental responsibility and sustainability in their data center operations)
We aim to reduce our environmental impact in our operations
Our operations are certified with ISO 14001
Read more from our Environmental policy.