Security and Privacy principles in Jyske Bank
Protecting our customers’ information and assets is among our top priorities. We continuously strive to improve our security level to protect the data entrusted to us and to secure all communication between us and our customers and stakeholders.
Security as an integral part of our work culture
We integrate security measures into all our processes when customer and personal data are involved. We focus on building and maintaining a strong culture among all employees so that they stay attentive to keeping data safe. This is achieved through scheduled awareness and training targeted at relevant segments of our organization; for example, developers shall have fundamental training, which enables them to produce secure products that protect customer and personal information. Our training material spans multiple topics, including e-learning covering IT security, handling of personal information, AML and more. The aforementioned topics are mandatory for all employees to complete within an annual to bi-annual cycle.
While we regard our personnel as the most critical asset in protecting us against cyber threats and avoiding data breaches, we also maintain safeguards comprising physical, digital and procedural measures.
Physical security comprises secure and safe buildings, all featuring access control. Some facilities employ multiple levels of access control for various sections of a building as well as monitoring.
Electronic and digital safeguards consist of elementary security infrastructure and security architectural principles laid out in a defense-in-depth implementation strategy. They include, for instance (non-exhaustive), perimeter firewalls, firewalls surrounding various network enclaves, multiple instances of AV, reputation-based web filters, rule-based filters, intrusion detection etc.
Further, we employ a security operations centre, which monitors cyber threats and anomalies that indicate compromise.
Jyske Bank is a member of the Nordic Financial CERT, a security alliance among financial institutions in the Nordics. This membership further boosts the security posture of our company, enabling us to share fraud indicators and threat intelligence and to collaborate in the event of suspicious patterns or cyber attacks.
Procedural measures to strengthen security comprise a wide palette of best-practice IT operations procedures and development practices that include mandatory test phases and security and risk assessments.
Data security, privacy policies and organizational enforcement
We are subject to financial legislation and data protection legislation. Our adoption of regulatory requirements and our frameworks for enforcing them are laid out in a set of internal policies, which are supported by business procedures, guidelines and rules. Two policies set the frame for data security and privacy: the IT Security Policy and the Data Protection Policy.
The policies are enforced and implemented via a three lines of defence structure as depicted here:
Diagram depicting organizational bodies which are responsible for security and privacy
Further reading about security and data privacy
- Data Protection officer responsibilities
- Chief information security officer responsibilities (Under construction)
- Internal and external audit responsibilities
- Process for data breach handling