0. Introduction of the Transparency Act

On 1 July 2022, the Transparency Act came into force. In mnemonic, we have established processes and routines for conducting due diligence assessments, for both of our suppliers and our business partners. The method and follow-up for due diligence are incorporated into our management system for Quality (ISO9001), Information Security (ISO27001) and Environment (ISO14001). Risk assessments are central when we evaluate the risks, and consequences, of violating decent working conditions and human rights - in our operations and our supply chain.

This statement is valid for the period 1 January 2024 to 31 December 2024. No breaches or risk of breaches of decent working conditions or human rights have been registered or uncovered during this period. Our management system for ISMS, quality, and environment is continuously developed in relation to the requirements and needs of our internal and external stakeholders, and during this period it has also been expanded to include the external environment. The measures that were implemented when the law came into force last year still appear to be functional and are followed up in accordance with the management system. This year's report has been updated with relevant documentation for the applicable period.

1. About mnemonic

What we do

mnemonic is a provider of cyber security services. We have been a trusted provider of effective measures against advanced cyber threats for more than 25 years, offering a complete and complementary range of IT and information security services. Our services and products cover the entire cyber security discipline, from risk, security and vulnerability assessments, monitoring and detection of security threats, threat intelligence, incident response and delivery and support of the latest security technologies.

How we work

At mnemonic, we have formulated a sentence expressing how we as a company should act. We have summarised this in the following expression - "Removing the guesswork from cybersecurity". In our work, this means that we apply scientific principles in everything we do, so that we always make informed decisions supported by objective analysis - not based on guesswork, the latest trend or commercial ties. This is how we at mnemonic approach the complexities we face and how we solve the real cyber security challenges our customers actually experience. This scientific approach is a hallmark of mnemonic, something that anyone who interacts with us, be it employees, customers, suppliers, competitors, business partners or anyone else will experience when dealing with us.

Our organisation

mnemonic is organisationally divided into four business areas in addition to sales, marketing, and administration, all of which report to the CEO. The CEO reports to the Board of Directors. The Board of Directors consists of 9 board members in addition to the Chairman of the Board. 3 of the board members are employee-elected representatives. The company’s highest authority is the general meeting.

mnemonic AS is a Norwegian security company established in May 2000. Our head office is in Oslo, with branch offices in Stavanger and Trondheim. In the Nordic region, we have a subsidiary in Sweden and a sales office in Denmark. In the rest of Europe, we have sales offices in the UK and the Netherlands. Our main markets are the Nordic region and Central Europe.

mnemonic's management system covers all main and support processes, and is certified according to ISO 9001:2015, ISO 27001:2022 and ISO 14001:2015.

Our social responsibility

mnemonic protects public and private sectors from foreign influence and exploitation, and we do this sustainably. We are aware of our social responsibility, and assist research institutions, authorities and the business community with active participation and contributions in research projects, sharing of threat intelligence, research fellowships, participation in forums within our field of expertise and other relevant social debate related to our domain.

We set clear requirements for ourselves, our employees and our suppliers through the company's Code of Conduct, a governing document with ethical guidelines for everything we do. The document emphasises our commitment to respect internationally recognised labour and human rights, our work in the fight against corruption and money laundering, and our focus on the environment and sustainability.

mnemonic’s work with sustainability (ESG)

Through our delivery of IT security services, we safeguard the digitalisation of society and protect critical public institutions as well as private organisations. The role our customers and partners play in society imposes particularly strict requirements on mnemonic as a reliable and long-term security provider. Therefore, integrity in all parts of our operations is essential to the company’s sustainability, with particular emphasis on data security and privacy. We also ensure that we meet these requirements by prioritising the professional development and well-being of our employees, as well as maintaining mnemonic’s independence and long-term financial stability.

In addition, we have implemented ISO 14001 as our environmental management system, and defined KPIs for our ESG efforts, including measurements of greenhouse gas emissions.

2. Risk mapping

Based on our due diligence assessments, there is limited risk in our operations of negatively impacting fundamental human rights and decent labour conditions.

Through systematic risk assessments, we have identified that the greatest risks relate to the procurement of products for resale or products and services for our own use (including transportation), as well as the hiring of personnel. The identified risks are documented in our management system and assessed based on the current situation and after implemented measures.

The risk of negatively impacting fundamental human rights or decent working conditions at mnemonic is considered to be very low. Competent, satisfied and committed employees are our most important resource, and we emphasis trust-based management, autonomy and high professional integrity.

The majority of shares in mnemonic are owned by the employees, which provides a unique opportunity to optimise working conditions in the company. We have a good and inclusive working environment that is reflected in high employee satisfaction, with a very low "turnover" rate of approx. 4%. mnemonic was also named Norway's best workplace by Great Place to Work in both 2022, 2023 and 2024.

3. Implemented measures

Our management system for information security and quality has been ISO certified since 2005 (ISO27001), 2013 (ISO9001) and 2024 (ISO14001) with annual audits. This means that the Transparency Act and our identified measures are incorporated into an already well-functioning and well-established system. All systematic follow-up of the measures mentioned is documented in procedures and implemented in our management system, and controls are carried out through annual internal and external audits. If blameworthy conditions and/or breaches related to decent working conditions and human rights are identified, these are registered and followed up in our internal case management tool.

To minimise any negative impact of the identified risks, measures have been implemented in our procedures for evaluating all active suppliers and business partners who supply products/services for resale and for internal use.

We require all new and existing suppliers that we use for resale of solutions and services to document decent working conditions and human rights. This is to prevent any breaches of decent working conditions and human rights. Based on the findings from our risk assessment, we place particular emphasis on the evaluation of potential negative impacts on human rights and decent working conditions at our suppliers of transport services, craftsman services and cleaning services for internal use.

If we are unsure about how suppliers and business partners impact the outside world, we require them to provide a statement and documentation, or to commit to our Code of Conduct through the use of the Supplier Code of Conduct. Suppliers and business partners also undergo a recurring evaluation for compliance. If they cannot document satisfactory compliance with basic human rights and decent working conditions, this may have consequences for the contractual relationship with mnemonic.

mnemonic is particularly vigilant and will avoid cooperation with suppliers and business partners operating from countries where there is an increased risk of human rights and decent labour conditions violations.

In normal cases, we will first try to influence the supplier to minimise the risk and repair any violations that have been committed. If it is discovered that mnemonic purchases goods or services from suppliers that have or may have a negative impact on human rights and decent working conditions, this shall be registered in our internal case management system for further follow-up. Management must also be notified, so that mnemonic can implement the necessary measures to limit negative consequences and possibly contribute to redress or compensation for those concerned.

These measures have helped to reduce the risk to a low level.

The Board of Directors of mnemonic has adopted our policy for the Transparency Act, and given the CEO of mnemonic AS the responsibility to comply with it.

If you would like further information, please contact mnemonic by sending an enquiry to [email protected].