Serious vulnerability in common software Log4j

A serious vulnerability has been discovered in Log4j, a common piece of software that is in general use. Log4j (CVE-2021-44228) is an open-source Java logging library and is part of the Apache environment.

More information can be found here.

In accordance with Hugvit’s procedures (ISO 27001), Hugvit’s experts began analyzing the situation as soon as a notification was received, in order to respond and find solutions with the aim of eliminating this threat.

At this point, there are no indications that updates to Hugvit’s GoPro Foris systems are needed due to these vulnerabilities, but if vulnerabilities are identified during further review, they will be addressed.

We will continue to identify the risks associated with these security vulnerabilities, including for those who use other technologies (Java), and will come up with updates or recommendations if needed.

We are in good communication with our suppliers regarding this issue and will work on solutions in collaboration with them.

GoPro Foris Contract Management

Contract management and an overview of the contract lifecycle are crucial for every business. The GoPro Foris Contract Management solution gives a complete overview and control over contracts. The workflow for contracts is completed in GoPro Foris; when the signing is finished, the contracts are monitored during their lifetime. When the number of contracts increases, it becomes difficult to keep track of all the dates, actions, and decisions associated with each contract. The GoPro Foris Contract Solution is designed to solve this problem, sharpen the insight, and improve monitoring.

The GoPro Foris Contract Solution manages contracts, classifying and storing them in a central system with the access control needed. The Contract Solution is designed to handle the financial obligations related to each contract.

Benefits of the GoPro Foris contract solution:
• Coordinated management of contracts, total overview of conclusions and follow-up
• Registration of guarantees, suppliers and signatories
• User-friendly registration of standard contracts based on MS Office stylesheets
• Access controls that support different user access permissions

By registering financial responsibilities, amounts, stakeholders, and termination provisions, users will have an end-to-end overview of all contracts in GoPro Foris. The contract solution provides effective management of interactions throughout the whole contract process during the contract period. It is now also possible to add digital signatures to the contract, which comes in handy in the times of COVID.

Effective contract management results in improved operations and positive relationships with customers and partners. The Contract Solution is easy to add to the GoPro Foris case and document management solution.

Contact us and get an introduction to the GoPro Foris Contract Solution.

Business Continuity Plan – COVID 19

In light of the risk posed by the COVID-19 virus, GoPro/Hugvit wish to inform all our customers that the company has in place a Business Continuity Plan as part of our ISO 27001:2013. We have reviewed this plan and have taken the following COVID-19 specific measures:

Employees showing signs of symptoms related to COVID-19, or who have been in close physical contact with someone showing symptoms, will be required to work from home for 14 days, in accordance with government policies.

Further actions taken are:

  • We are ensuring that key employees have access to appropriate, secure equipment at home and have the necessary access and tools to fulfil their duties remotely from home.
  • A substitute has been appointed for all key employees within the organization.
  • We have placed extra hand-sanitizer stations around our offices and increased office cleaning.
  • We will prioritize the use of on-line meetings and on-line service in our operation.
  • We are implementing new travel rules, stopping travel to high-risk areas and introducing a mandatory 4-day stay at home for employees returning from travel.

GoPro has operations in several countries and will transfer workload between offices as needed at any time to ensure service level and availability.

If our business is significantly affected by COVID-19, we will update this information as needed on our websites www.gopro.net and www.hugvit.is.

GoPro’s operations are ISO 27001 certified for information security

Information security is one of the cornerstones of software development at GoPro. The importance of security in information technology has grown in recent years, and GoPro has set an ambitious goal to support and meet these increasing demands.

A milestone was reached when the information security management system (ISMS) for GoPro Case Management Software Solutions was certified by the British Standards Institution (BSI) in Iceland. BSI audited the system according to the ISO 27001:2013 standard of information security last year. This certification recently passed another inspection, confirming the successful adoption of the certified processes, which cover product development, consulting, services and hosting.

“Information and data loss is one of the biggest threats that companies and organizations need to deal with today, so it’s important for companies to protect information about the companies themselves and customer relations. The information security management system that complies with the requirements of ISO 27001: 2013 is a managed method of managing confidential information that concerns the company so that it stays safe. It helps companies identify current and potential vulnerabilities in information security and enables the company to take action before damage occurs.”
– BSI

Regular review is an essential part of maintaining the validity of such certifications. Handbooks and quality documents are of little use if they are not maintained and applied. GoPro set a goal of embracing information security as an integral part of the company culture, so that security is a seamless part of daily work. That approach required extensive preparation and the involvement of every department, with proven success.

“This certification in the field of ISO 27001 information security is important to us. We worked hard to document and review all our information security activities, in compliance with this international standard,” states Helga Ingjaldsdóttir, CFO and Board member of Hugvit.

“Information Security is one of today’s greatest IT challenges. GoPro’s ISO 27001 certification is a mark of our commitment to be at the forefront of development and service of reliable and secure solutions. It is a landmark in ensuring the security of our customers’ data both in software development, hosting and service, as well as our business operations. For companies that sell solutions worldwide, it’s an essential part of building trust in the company.”

The ISO 27001: 2013 standard was implemented in accordance with GoPro’s internal security policy, which pertains to development, services, consulting, hosting, project management and operation of information systems, and works to secure the confidentiality, integrity, availability and security of important information.

What is ISO 27001?

The ISO 27001 standard deals with information security and specifies requirements for implementation, maintenance and continuous improvement of information systems and their management in accordance with best practices.

The standard also includes requirements for evaluation and management of security features tailored to the nature of the companies.

 

GoPro has been Cyber Essentials certified

Cyber Essentials

We are happy to announce that GoPro has achieved Cyber Essentials certification.

The Cyber Essentials Scheme has been developed by the UK government and industry to provide a sound foundation of cyber hygiene measures that significantly reduce an organisation’s vulnerability and mitigate the risks from internet-based threats.

The Cyber Essentials Scheme covers the core requirements for firewalls and Internet gateways, security configuration, user access controls, malware and patch management. Systems that fall within the scope of the Cyber Essentials Scheme include devices such as PCs, laptops and mobile devices, as well as email, Web and application services and Internet-based services.

By successfully certifying against the Cyber Essentials Scheme, GoPro has demonstrated that we have implemented measures to lower the risk of serious data and financial loss, and has shown our customers that we have taken steps to be fundamentally cyber safe.

Further information here.