Cloud2 Information Security Policy

Introduction
At Cloud2 Oy, we recognize the critical importance of information security in our operations and services. Our commitment extends beyond our organizational boundaries, ensuring the security and reliability of services we provide to our clients. As an integral part of our business way of working, information security is not just a separate process, set of rules or technology but is embedded in our everyday activities as a reflection of our commitment to protecting the information assets that are critical to our success. This policy is a reflection of our commitment to protecting the information assets that are critical to the success of our clients and our operations.

Governance and Responsibility
The governance of our information security is led by the CISO strongly supported by top management team.  Information security at Cloud2 is governed by Information Security Management System and we are committed to continually improve it. The CISO is responsible for the leadership of our security strategies, ensuring alignment with business objectives and adapting to evolving cybersecurity landscape. Strategic oversight and ultimate responsibility for information security rest with the CEO, management team and the Board of Directors, who endorse and integrate the information security policy into Cloud2’s broader strategic framework, emphasizing its importance at the highest level. Operational responsibilities are delegated to designated experts, who ensure policy adherence and implementation. Furthermore, every Cloud2 employee bears a personal responsibility to uphold our security standard.

Incident Management and Response
Our proactive stance extends to incident management, where we have established processes to quickly and effectively respond to and manage security incidents, minimizing their impact.

Policy Review and Endorsement
This policy is subject to annual review twice a year and approval by our management team and board of directors, ensuring its relevance and effectiveness in meeting our security objectives and compliance requirements.