Heinstaden Bostad - Corporate Governance

Cyber Security

We apply a risk-based cybersecurity and information security framework, aligned with recognised industry standards, to protect the confidentiality, integrity and availability of information and technology assets. This includes preventive, detective and responsive controls covering monitoring, third-party risk management, backup and disaster recovery, and business continuity.

Employees complete mandatory cybersecurity and information security awareness training on an ongoing basis. Additional guidance is provided to employees with specific access or security-related responsibilities. This training helps employees identify, report and respond appropriately to cyber and information security risks.

Cyber risk, vulnerabilities and emerging threats are continuously assessed. Heimstaden Bostad maintains incident response and recovery processes designed to contain security incidents, minimise business impact, meet applicable notification requirements and restore affected services in a controlled manner.

The CISO is responsible for maintaining and overseeing the implementation of the Cyber and Information Security Policy across the organisation. The policy supports secure business operations, regulatory compliance, and operational resilience by aligning cybersecurity activities with Heimstaden Bostad’s business objectives and risk management framework. Significant cybersecurity risks and security matters are reported through Heimstaden Bostad’s executive governance structures as part of overall risk oversight.