Logo

1. Confidentiality

The Act on Administrative Procedure (Administration Act) of 10 February 1967 has, in §13, provisions on confidentiality:

«Anyone who performs a service or work for an executive agency is obliged to prevent others from gaining access to or knowledge of what he or she is aware of:

  1. Any personal issues, or
  2. Technical devices and procedures, as well as operating or business relationships, which will be of a competitive importance if disclosed.

Personal issues do not include birthplace, date of birth and social security number, civil status, marital status, occupation, place of residence and place of work, unless such information discloses a client relationship or other matters that may be considered personal. The King may otherwise provide further information about what information is to be regarded as personal, about which organizations that may provide individuals with information as mentioned in the previous sentence and information about the individual's personal status as well as the terms for providing such information.

Confidentiality also applies after the person has terminated the service or work. He or she cannot utilize information as mentioned in this section in his/her own business or in service or work for others.

For violations of this provision, Section 121 of the General Penal Code of May 2, 1902 applies.


2. Administration and training

  • The individual is responsible for notifying any access to eSAM that is not in accordance with real need for eSAM support
  • The password should be changed as soon as possible if there is suspicion of disclosure (report to eSAM support)
  • The individual is responsible for notifying Bane NOR if he/she has not received sufficient training or has insufficient competence to use eSAM.

3. Use of equipment associated with external interaction solution

  • Personal equipment used against the external interaction solution must have sufficient security, including password must be strictly personal
  • Personal equipment must have enabled screen lock with a maximum of 5 minutes activation time
  • Personal equipment with access to eSAM shall not be used by anyone other than authorized users
  • Files from eSAM shall not be downloaded on personal equipment or otherwise stored or forwarded
  • Information sent to printers must be made in safe manner so that unauthorized users cannot access information
  • The individual is responsible for personal equipment not having unauthorized software
  • If a tablet is used, the user is responsible for not using unencrypted wireless networks

4. Delete or disposal of storage media

ICT equipment, such as PCs, memory sticks, external discs and other data storage devices with storage media, shall be delivered to an authorized organizational unit for deleting information and software when the device is no longer used.

5. Reporting security breaches or events

Users shall immediately report breach or suspicion of disclosure of sensitive information to the eSAM Management Secretariat (eSAM-Forvaltning@banenor.no).

For more information, contact

Steinar Øien
Chief Advisor Document Management in Projects in Bane NOR,
mobile phone +47 901 78 488

Jarle Braathen
CEO BIM2Share AS,
mobile phone +47 928 26 183