Information Security Policy

StepStone has decided on a level of security that is in balance with risks and risk significance and that complies with legal requirements and concluded agreements, as well as licensing terms. The use of information and information assets is subject to various standards and guidelines.

StepStone organises and maintains a number of organisational, administrative and IT-related precautions in order to prevent data from being accidentally or unlawfully destroyed, lost, damaged, transmitted to unauthorised persons, misused or otherwise handled against currently applicable rules and regulations on the processing of personal data.

We uphold the security measures described in this document at all times.

Briefing of employees

StepStone will brief the relevant employees on good data processing practices and working methods, and will ensure that the employees are informed about their duty of confidentiality.

Conditional access and administration of user access

Access to personal data is limited to employers whose work is contingent on their ability to process personal data. Only the individuals who are authorised for this purpose will be given access to the personal data.

StepStone keeps a list of authorised employees which specifies the type of access their authorisation includes. Our list of authorised employees is updated on an ongoing basis. When an employee’s term of employment has come to an end, their user access will be suspended or cancelled immediately.

Physical security

The StepStone premises are protected by a physical access control system that limits the risk of unauthorised access. Operations are conducted in facilities that are protected from damage caused by physical conditions such as fire, water damage, power failure, theft or vandalism.

Network and communication security

StepStone uses firewalls to protect our systems and networks. In addition, we use encryption to protect data when it is transmitted over the Internet.

Operational procedures and responsibilities

StepStone uses a market-leading antivirus product to protect against malicious software on all Windows-based computers and servers. StepStone backs up configuration files and data with appropriate frequency and periodically conducts tests to ensure that backed-up data can be restored.

We keep a log of all relevant incidents in the systems. The log focuses on the actions of users, errors that have occurred and information that can be used to diagnose problems.

In addition to this, StepStone keeps a detailed personal data log of which individuals have viewed other individuals’ personal data and what personal data was viewed.