Organization of information and data security

Governance and organization

The organization of information security and privacy within Fellow Digitals is formally defined to ensure clear governance, accountability, and effective integration of security and privacy into the organization.

Roles and responsibilities

Roles and responsibilities for information security and privacy are clearly assigned. Management holds overall accountability for establishing, maintaining, and improving the information security and privacy framework, including decision‑making on policies, risk appetite, and improvement priorities within the Information Security Management System (ISMS).

Operational and tactical responsibilities

Operational and tactical responsibilities are delegated to designated roles to support the consistent implementation of security and privacy measures. These roles contribute to activities such as risk management, incident handling, supplier oversight, and compliance with internal policies and procedures. This structure helps translate strategic objectives into day‑to‑day practice.

Independent oversight and privacy governance

Independent oversight forms an integral part of governance. Privacy compliance is monitored by the Data Protection Officers (DPO), who oversee adherence to applicable privacy legislation. In addition, internal reviews and advisory functions assess the effectiveness of controls and support continuous improvement of the ISMS.

Embedding information security and privacy in the organization

Information security and privacy responsibilities are embedded across strategic, tactical, and operational levels of the organization. This ensures that security and privacy considerations are part of business processes, project decisions, and daily activities, rather than isolated compliance topics. Employees are expected to follow applicable policies and to report security‑ or privacy‑related risks or incidents in accordance with established procedures.

Through this organizational structure, Fellow Digitals ensures that information security and privacy are not only formally governed, but also consistently applied and actively supported throughout the organization.