Transparency Act: due diligence assessment
1. About mnemonic
What we do
mnemonic is a provider of cyber security services. We have been a trusted provider of effective measures against advanced cyber threats for more than 20 years, offering a complete and complementary range of IT and information security services. Our services and products cover the entire cyber security discipline, from risk, security and vulnerability assessments, monitoring and detection of security threats, threat intelligence and incident response to delivery and support of the latest security technologies.
How we work
At mnemonic, we have formulated a sentence expressing how we as a company should act: "Removing the guesswork from cybersecurity". In our work, this means that we apply scientific principles in everything we do, so that we always make informed decisions supported by objective analysis - not based on guesswork, the latest trend or commercial ties. This is how we at mnemonic approach the complexities we face and how we solve the real cyber security challenges our customers actually experience. This scientific approach is a hallmark of mnemonic, something that anyone who interacts with us, be it employees, customers, suppliers, competitors, business partners or anyone else, will experience when dealing with us.
Our organisation
mnemonic is organisationally divided into four business areas in addition to sales, marketing, infrastructure and administration, all of which report to the CEO. The CEO reports to the Board of Directors. The Board of Directors consists of 9 board members in addition to the Chairman of the Board. 3 of the board members are employee-elected representatives.
The company's highest governing body is the general meeting. mnemonic AS is a fully owned Norwegian security company established in May 2000. Our head office is in Oslo, with branch offices in Stavanger and Trondheim. In the Nordic region, we have a subsidiary in Sweden and a sales office in Denmark. In the rest of Europe, we have sales offices in the UK and the Netherlands. mnemonic is also established in the USA. Our main markets are the Nordic region and Central Europe.
mnemonic's management system covers all main and support processes, and is certified according to the ISO 9001:2015 and ISO 27001:2013 standards.
Our social responsibility
mnemonic protects public and private sectors from foreign influence and exploitation, and we do this sustainably. We are aware of our social responsibility, and assist research institutions, authorities and the business community with active participation and contributions in research projects, sharing of threat intelligence, research fellowships, participation in forums within our field of expertise and other relevant social debate related to our domain.
We set clear requirements for ourselves, our employees and our suppliers through the company's Code of Conduct, a governing document with ethical guidelines for everything we do. The document emphasises our commitment to respect internationally recognised labour and human rights, our work in the fight against corruption and money laundering, and our focus on the environment and sustainability.
Introduction of the Transparency Act
On 1 July 2022, the Transparency Act came into force. At mnemonic, we have established processes and routines for conducting due diligence assessments of both our suppliers and our business partners. The method and follow-up for due diligence are incorporated into our management system for quality (ISO 9001) and information security (ISO 27001). Risk assessments are central when we evaluate the risks, and consequences, of violating decent working conditions and human rights - in our operations and our supply chain. This Statement is valid for the period 1 July 2022 to 31 December 2022.
2. Risk mapping
Based on our due diligence assessments, there is limited risk in our operations of negatively impacting fundamental human rights and decent labour conditions.
Through systematic risk assessments, we have identified that the greatest risks relate to the procurement of products for resale or products and services for our own use (including transportation), as well as the hiring of personnel. The identified risks are documented in our management system and assessed based on the current situation and after implemented measures.
The risk of negatively impacting fundamental human rights or decent working conditions at mnemonic is considered to be very low. Competent, satisfied and committed employees are our most important resource, and we emphasise trust-based management, autonomy and high professional integrity.
The majority of shares in mnemonic are owned by the employees, which provides a unique opportunity to optimise working conditions in the company. We have a good and inclusive working environment that is reflected in high employee satisfaction, with a very low "turnover" rate of approx. 4%. mnemonic was also named Norway's best workplace by Great Place to Work in both 2022 and 2023.
3. Implemented measures
Our management system for information security and quality has been ISO certified since 2005 and 2013 respectively, with annual audits. This means that the Transparency Act and our identified measures are incorporated into an already well-functioning and well-established system. All systematic follow-up of the measures mentioned is documented in procedures and implemented in our management system, and controls are carried out through annual internal and external audits. If blameworthy conditions and/or breaches related to decent working conditions and human rights are identified, these are registered and followed up in our internal case management tool.
To minimise any negative impact of the identified risks, measures have been implemented in our procedures for evaluating all active suppliers and business partners who supply products/services for resale and for internal use.
We require all new and existing suppliers that we use for resale of solutions and services to document decent working conditions and human rights. This is to prevent any breaches of decent working conditions and human rights. Based on the findings from our risk assessment, we place particular emphasis on the evaluation of potential negative impacts on human rights and decent working conditions at our suppliers of transport services, craftsman services and cleaning services for internal use.
If we are unsure about how suppliers and business partners impact the outside world, we require them to provide a statement and documentation, or to commit to our Code of Conduct through the use of the Supplier Code of Conduct. Suppliers and business partners also undergo a recurring evaluation for compliance. If they cannot document satisfactory compliance with basic human rights and decent working conditions, this may have consequences for the contractual relationship with mnemonic.
mnemonic is particularly vigilant and will avoid cooperation with suppliers and business partners operating from countries where there is an increased risk of violations of human rights and decent labour conditions.
In normal cases, we will first try to influence the supplier to minimise the risk and repair any violations that have been committed. If it is discovered that mnemonic purchases goods or services from suppliers that have or may have a negative impact on human rights and decent working conditions, this shall be registered in our internal case management system for further follow-up. Management must also be notified, so that mnemonic can implement the necessary measures to limit negative consequences and possibly contribute to redress or compensation for those concerned.
The measures introduced have helped to reduce the risk to a low level.
The Board of Directors of mnemonic has adopted our policy for the Transparency Act, and given the CEO of mnemonic AS the responsibility to comply with it.
If you would like further information, please contact mnemonic by sending an enquiry to [email protected].