GleSYS shall develop, market and provide our customers with secure, flexible and climate-smart hosting, network and operating services that contribute to our customers' success and reduce their impact on the environment.

Accessible and intact information that, on behalf of our customers and their customers, is conveyed in a safe and environmentally friendly manner forms the basis of our business. For this reason, GleSYS works systematically with continuous improvements in the fields of information security, quality and the environment.

At GleSYS, we are guided by the commitment, competence and professionalism of our employees. We are the ones who meet our customers every day and have first-hand information about their priorities and understand their needs.

Based on the value words honesty, respect and responsiveness, each individual employee, our various teams and our company, shall think proactively in the form of sound, regular and process-based risk analysis.

By means of active risk management, we shall work to identify suitable information, safety and quality objectives as well as essential environmental aspects so we can act responsibly according to legal and customer requirements and in a way that guides the sector to a safe and sustainable future.

GleSYS's intention with information security and quality management is to ensure the efficient provision of information, secure management of information assets and to avoid errors that affect the ability to conduct practical business. The work on information security and quality is systematic and long- term. Information assets concerns all information without exception.

One precondition for working with information security and quality is that a good security culture permeates the entire business. This not only means that employees have a good knowledge of the security and quality rules that apply, but that they also take personal responsibility for critically questioning and reporting events that could affect security and quality according to guidelines and work procedures.

GleSYS follows good practice in the areas of Information Security and regulatory requirements, such as the General Data Protection Regulation (GDPR) and the Swedish Post and Telecom Agency's guidelines regarding critical infrastructure (NIS Directive).

GleSYS works with management systems for information security based on the regulatory requirements and ISO 27001 as well as recommendations from Swedish authorities.

GleSYS classifies, values and prioritises, as well as managing, information assets based on the business's and customers' requirements for accuracy, confidentiality, availability and traceability.

• Accuracy – Information cannot be changed by unauthorised persons, accident or disruptions in IT systems or operations. The information shall be reliable, accurate and complete.


• Confidentiality – Information in documents and IT systems shall always comply with the applicable legislation, regulatory and customer requirements as well as internal and external rules regarding ethics and confidentiality and shall not be made available or disclosed to unauthorised persons.


• Accessibility – The information shall be usable as needed to the extent expected, within the desired time and in the right place. GleSYS's goal for information security management is for intact information to be available to the intended person at the intended time.


• Traceability – Significant events during the processing of information in important information systems shall be traceable. It shall be possible to trace specific activities or events to an identified object, such as a document, user, component, physical location or IT system. It shall be possible to see the changes that have been made and by whom they were made.

GleSYS works with continuity planning and has contingencies for outages. Critical operations shall be maintained at the agreed level during different types of disruption, interruption or crisis situations.

GleSYS takes into consideration the security requirements of customers during procurements and monitors that these requirements are met when developing, using and decommissioning IT systems. When it is our responsibility, we shall pay attention to and report events affecting information security to the parties concerned.

By ensuring a good level of systematic information security management it is possible to comply with legislation and regulatory requirements, to maintain critical operations, minimise information leaks, limit costs for quality deficiencies as well as to contribute to strengthening confidence in GleSYS's mission and brand. Skyddet av informationstillgångar ska vara utformat så att verksamhetens krav på säkerhetsaspekter uppfylls. The protection of information assets shall be designed in a way that meets the security requirements of the business. This also applies when GleSYS’s information or information systems are managed by an external party (for example, payment switches and analysis tools).

The basis for our environmental management is to protect the environment by a conscious use of renewable resources in as far as this is possible, compliance with applicable legislation and social requirements as well as avoiding the use of environmentally destructive products.

By working to increase the energy efficiency of our operations, and actively helping our customers to reduce their energy consumption, at the same time as we ensure that the excess heat from our business is utilised, we are taking responsibility for conducting our business responsibly and profitably while contributing to a sustainable future.

GleSYS shall be at the forefront of sustainable IT operations, which we do, for example, by:

• We choose electricity that is not only renewable, such as wind power and hydropower, but also helps to reduce the impact of the electricity production on the environment, climate, plants, animals and people – which we guarantee by ensuring that the electricity to our Data Centres is certified according to a recognised eco-label e.g. The Swedish Society for Nature Conservation's "Bra Miljöval".
• At the minimum, we comply with current legislation and guidelines but we are working to be industry leaders.
• Our new data centres recover excess heat to heat nearby homes via local district heating networks.
• We place environmental requirements on our suppliers and partners.
• Worn out equipment is recycled and is replaced, as far as possible,by more energy-efficient alternatives.

In addition, we aim to minimise our environmental impact in our daily operations by:

• Travelling climate smart
• Sorting waste by source in our offices
• Actively communicating our environmental work in the organisation

Our work with sustainability and the environment is a continuous journey in progress.

Approval date: 31 August 2021