Systembolaget wants to ensure trust, transparency, and clear rules for data usage within the PCF (Product Carbon Footprint) process. The following documents aim at doing so by describing how Systembolaget intend to use the data that is submitted, as well as how Systembolaget works with protecting that data. There is also a section in the FAQ dedicated to data security.
This protocol explains how Systembolaget handles and uses Product Carbon Footprint (PCF) data submitted via the CarbonCloud platform. It outlines the types of data collected, intended use cases, and clear boundaries for how the information may be used internally and externally. Initially, all use is limited to internal analyses, with no external communication or strategic application allowed until specific conditions are met. The protocol ensures transparency and gives Data Contributors full visibility and control before any broader use of their data. Future use of PCF data for external or strategic purposes will only occur once data quality standards are established and contributors have had time to review their results.
This document is provided for informational purposes to current and prospective suppliers and contributors. While the information can be shared within your organization, please contact Systembolaget for the most current version of this document when needed.
The document outlines Systembolaget’s structured and long-term approach to information security, cybersecurity, and data protection. It describes how the company safeguards its information assets, manages personal data responsibly, and ensures compliance with data protection legislation. Systembolaget follows recognized frameworks such as ISO 27001 and CIS Controls to manage risks, classify information, and implement secure IT solutions. The company also maintains robust operational security through a Security Operations Center (SOC), systematic software and account management, and continuous training for users. All efforts are governed by clear policies, internal rules, and legal requirements to ensure reliable, secure, and privacy-aware operations.