Context and regulatory compliance
Context and stakeholder analysis
Fellow Digitals performs context and stakeholder analyses to identify internal and external factors that may affect information security and privacy. These analyses take into account developments in legislation and regulation, technological changes, customer expectations, and dependencies on suppliers and other third parties. Relevant stakeholders are identified and their interests are considered to ensure that security and privacy measures remain appropriate and aligned with business and regulatory requirements.
Threat analysis
As part of this context analysis, a structured threat analysis process is applied. Potential threats to information security and privacy are identified and assessed to determine their relevance and impact. The outcomes support risk‑based decision‑making and the selection of appropriate controls. Where relevant, threat‑related information may be shared internally or with customers or suppliers, and additional requirements may apply for specific customer segments or regulatory regimes.
Regulatory compliance
Compliance with applicable laws, regulations, and guidance from supervisory authorities is addressed through a defined procedure. New or amended requirements are assessed for impact and translated into suitable measures within the Information Security Management System (ISMS). These measures may include updates to policies, procedures, contractual arrangements, privacy statements, or working practices.
Information classification and data retention
As part of regulatory compliance and context management, supporting controls are in place to ensure appropriate handling of information. Information is classified based on confidentiality, integrity, availability, and privacy impact, supporting consistent handling and access control. Retention periods are defined in accordance with applicable laws and regulations, including the GDPR, and internal requirements, ensuring that personal data is retained only as long as necessary for its intended purpose.
Document management, intellectual property and AI use
Policies, procedures, and records are managed through a structured document management process to support version control, availability, and traceability. Measures are also in place to protect intellectual property and ensure compliance with licensing and ownership requirements. In addition, guidelines govern the responsible use of AI tools, with attention to information security and privacy considerations.
Together, these activities ensure that regulatory compliance, risk awareness, and information protection are embedded in day‑to‑day operations within the ISMS framework.
Updated: 7 May 2026