In December 2015, Exorigo-Upos was certified according to PN ISO/IEC 27001:2014. The certificate, obtained from an independent certification body, confirms that our company manages all aspects of information security in accordance with the best standards and practices. The Information Security Management System, based on the requirements of PN ISO/IEC 27001:2014, brings order to information security processes. Additionally, it introduces tools such as risk analysis and internal audits which, used properly, detect and eliminate security threats before they occur. This system also introduces certain standards, such as security policies for specific systems, which, after implementation, will improve the security and quality of IT asset management.
The scope of certification:
- Supply and maintenance of teleinformatic networks (networks, servers, devices)
- Maintenance and development of applications
- Maintenance of workstations
- Installation of payment terminals
- Development and implementation of proprietary applications (including payment card applications and co-operation with payment card authorisation centres, retail store applications, and e-commerce applications)
- Customisation and implementation of third-party applications (including ERP, DW/BI, ARCHIBUS, HYPERION)
- Production of fiscal printers
- IT service for chains of shops
- Servicing of equipment and devices
- Logistics and warehouse management
The benefits of using the ISO 27001 information security management methodology:
- Increased responsibility of all employees for the Company's information resources they use
- Transparency of information security processes, through policies, procedures and manuals
- Increased awareness of the protection of information for every employee in the Organisation
- Clearly defined rights and responsibilities of all employees
- Assurance that the legal requirements the organisation is required to comply with are met
- Increased employee awareness of information security
- Continuous improvement of processes related to information security in the Company
- Better protection of the organisation's assets, resources, and interests
- Guarantee, for contractors and customers, of proper protection and security of processed information
- Guaranteed continuity of operation and secured information for critical business processes of the Company
- Minimised risk of information security incidents
- Effectiveness of procedures to minimise the impact of information security incidents
- Full control over the assets and information of both suppliers and customers
- Guaranteed confidentiality of your organisation and its customers
At the beginning of 2016, we completed the implementation of our procedures and certification under the PCI DSS Service Provider, Level 1 standard. After a successful audit, we received a valid PCI DSS compliance certificate.
PCI DSS is a security standard that was developed to ensure a high and consistent level of security in all environments in which cardholder data is being processed.
Implementing PCI DSS as a Service Provider Level 1 reduces the scope of a client's card environment by using certified software (EuroKarta EFT) and the audited Data Centre with PCI DSS certification, which ultimately translates into financial benefits when implementing PCI DSS in merchant networks.