Security Policy
This policy describes the purpose and guidelines of ManNet’s information security policy, as well as the related responsibilities and organization.
In this policy, “information security” refers to ensuring the confidentiality, integrity, and usability of information regardless of its presentation method. This policy determines basic requirements for information security and lays the foundation for the planning and implementation of operations in line with the policy. In addition, more specific instructions for various areas of information security are prepared to support the implementation of the policy.
Information security is implemented and developed with a risk-based approach, using appropriate and cost-effective solutions. LTS Group and LTS ManNet assess annually whether the information security policy is appropriate.
Combined with ManNet’s values and the risk management, security, and data protection policies, the information security policy is an integral part of corporate governance at ManNet.
Purpose of the Information Security Policy
The primary purpose of information security is to ensure the continuity of ManNet’s operations under all circumstances. Appropriate and effective information security ensures the accessibility of IT solutions and the integrity of the information used in processes and services, as well as its confidentiality, in ManNet’s operations under all circumstances and in all operating countries. This policy lays the foundation for ensuring the security of ManNet’s information systems and data processing.
At ManNet, protecting customer data, as well as the data generated and processed by other digital functions, is an essential part of responsible operations, which both our customers and partners expect from ManNet. The growth of digitalization means that information security is also increasingly regulated by legislation. Each ManNet employee in all operating countries must comply with the information security policy and its supplementary principles and instructions, as well as applicable laws.
Implementation of information security
Risk assessment
Information security risks are assessed and analyzed regularly based on their business impacts. Risks must also be assessed in the specification phase of new systems and in connection with significant changes affecting the criticality of operations.
Data classification and processing
ManNet has an information classification method in place governing how information shall be classified, as well as determining information security controls for processing information in various classes.
Processing of personal data
The data protection policy and instructions determine how personal data is processed at ManNet.
ManNet’s system and application development processes include work phases to analyze the data protection requirements applicable to the purposes of the use of personal data. The applicable data protection requirements vary depending on the purpose of use of the personal data and information collected. The technical implementation is designed so that it corresponds to the risk level of the processing. Based on the risk level, management methods and information security practices suitable for the situation are selected to manage risk levels and achieve compliance.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device’s unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
Information security requirements
ManNet’s information security requirements determine the minimum level of information security required from contractual partners. The required level of information security can be verified through audits, when necessary.
Information security training
ManNet has several regularly implemented measures in place to improve employees’ awareness of information security. These include online training, phishing message simulations, and intranet news, for example. In addition, selected groups are provided with targeted information security training.
Control and monitoring
Improving and maintaining the level of information security requires systematic and continuous automatic monitoring of information systems. The persons responsible for control are legally bound by confidentiality in terms of the information they process at work. The status of information security is reported in connection with normal internal control, as well as internal and external audits. Technical information security is assessed continuously, and separate information security audits are conducted in the most significant environments.
Processing of information security incidents
ManNet has procedures and services in place for detecting information security incidents. There are defined operating models for processing and reporting any information security incidents.
Information security breaches
Non-compliance with the information security policy and instructions is regarded as an information security breach. ManNet has determined procedures for situations involving breaches.
Responsibilities and organization
The information security policy is approved by ManNet’s Board of Directors.
The information security policy covers the operations of ManNet in all operating countries. ManNet personnel must comply with the policy. ManNet is responsible for implementing the policy and for ensuring sufficient resources in their operations.
The President and CEO are responsible for ensuring that ManNet has effective information security in place as part of its risk management system. In implementing information security, the President and CEO are supported by the Group’s IT and risk management functions. The Risk Management Steering Group, which also includes division representatives, processes and monitors the Group’s information security risks and the implementation of risk management measures. Responsibility for the implementation of information security lies with the management of business operations and common operations. It coordinates and develops information security processes and is responsible for reporting and practical implementation in cooperation with service providers, as well as identifying information security risks and determining management measures together with the business operations and common operations. Each member of ManNet’s personnel must recognize risks related to information security and react to such risks.
Information security steering model
The information security steering model is part of ManNet’s Risk Management steering model. In accordance with its rules of procedure, the Audit Committee of ManNet’s Board of Directors monitors and assesses the effectiveness of ManNet’s internal control, internal audit, and risk management systems, among other aspects. The Audit Committee reviews the Group’s most significant information security risks.