Trust
Trust is an integral part of our DNA
At Emento, we work to create the foundation for good communication between citizens and the public sector. One of the prerequisites for our business is trust that digital communication of personal data is handled correctly. This means we need to be on top of data security, data protection, and data ethics.
Therefore, at Emento, we constantly focus on ensuring that our services comply with the established standards for good IT practices, including GDPR. If there is no trust in our handling of sensitive personal data, Emento will lose what we consider our 'License to Operate'. Therefore, trust is a crucial part of the DNA in our services and our business model.
Because we work with patient data, we set high standards for ourselves, but we believe that all companies will have to address some of the same ethical questions as the world becomes more digital.
We have a mantra - We treat your data the same way we want our own data to be treated.
As a patient and citizen, you often need our solution in situations where you are especially vulnerable and where there is a need to share sensitive data.
Emento primarily views IT security and data ethics as a 'hygiene factor.' Things simply need to be in order. IT security, data protection, and information security are what we must do, data ethics is what we want to do - a choice. Both are prerequisites when delivering a service to the healthcare sector.
At Emento, data ethics is part of the work we call TRUST
TRUST doesn't mean anything more advanced than 'trust,' but it is absolutely essential and encompasses data ethics, data protection, GDPR, information security, cybersecurity, compliance, and other aspects that may influence trust between us and our stakeholders.
This requires us to constantly maintain a high level of responsibility, security - and that our customers have complete trust in our solution. Therefore, since 2017, we have been working diligently with data ethics in all aspects of our company.
This means that we take care of what happens in the value chains, protecting both those who use our data - and those who provide data to us.
In short, we take responsibility for other people's rights when it comes to data.
The biggest challenge is clearly delineation - that is, identifying and handling data ethical dilemmas. It requires that we dare to say yes and no.
With artificial intelligence, which we now have involved - and growing datasets, we need both courage and insight to identify and use data in many different - and many completely new ways, each requiring a separate decision-making process.
Read more here:
ISAE 3000 - GDPR
Once a year we have an internationally recognised auditor's report. To obtain the statement, a group of external auditors review all our processes and controls, which are related to the GDPR. The ISAE 3000 statement is our documentation and your assurance - that we comply with all applicable legislation on data protection. We strive to make the latest statement available on this site in May.
ISAE 3402 II
Information security, and IT security in particular, also plays a key role in our work to ensure the availability, confidentiality and integrity of our services. That is why - in addition to the ISAE 3000 declaration - we have an ISAE 3402 declaration drawn up. This statement focuses on our risk-based approach to information security management. Here, the auditors base their work on the IT controls described in the ISO27001 standard. For this statement, we also aim to make the latest version available on this site in May.
DPO stands for Data Protection Officer, and Tilde is the person at Emento who spars with management and employees about everything related to GDPR (the General Data Protection Regulation in the EU). Emento collaborates with an external DPO from DPO - Danmark, but Tilde is the one who internally monitors that all rules are followed and that information and IT security is in focus.
Meet Tilde at LinkedIn