Our goal is to be a supplier of tax, accounting, auditing and payroll services that is able to comply with the ever-growing requirements not only on the automation of corporate processes, but also on the use of increasingly sophisticated data processing technologies. When using these technologies, it is also necessary to focus on data security and on controlling access to internal and external information and data. We are aware that without high-level data security we cannot gain the trust of our clients and business partners. Therefore, we have been monitoring new trends and legislation concerning data security and conducting regular inspections, concentrating in particular on:
- the protection of personal data, client data and generally all data administered by the company;
- systematic education of our employees in the area of information security;
- controlling physical access to the company premises;
- protecting information by means of backups and business continuity management processes;
- compliance with security rules, including but not restricted to those for data exchange;
- shredding documents.
Apart from conducting inspections aimed at guaranteeing information security, we have also been adapting measures, especially in the following areas:
- improving our organisational structure;
- implementing new technologies and technical means which we use when rendering our services to clients;
- defining responsibilities when administering data;
- designing processes for dealing with security breach events.
The company’s management supports sustained improvement of work in the area of data security and creates all necessary organisational and material preconditions for the personnel, aimed at achieving all objectives of our information security policy.
When assigning access rights within the organisation, the following principles are observed:
- every user has access only to information he/she needs for performing his/her work duties;
- the employee’s superior decides, within his/her competencies, which access rights the employee will be granted;
- if the employee no longer needs an access right, it is withdrawn immediately;
- remote access is permitted only within the extent necessary for performing work duties, and when making use of it, the employee must abide by defined procedures;
- the settings of all network services must respect the principle “What is not allowed is forbidden”.