At the end of August, for the first time in the history of the company, an audit of the Integrated Quality and Information Security Management System took place. Its result was positive: zero discrepancies. Consequently, BSI (British Standards Institution) issued ATM S.A. with ISO 9001:2015 certificate and maintained the validity of ISO/IEC 27001:2013 certificate.
So far, ATM has had two independent systems concurrently operating with success: Quality Management System and Information Security Management System. At the beginning of this year, the Company's Management Board decided to merge them into one coherent system: Integrated Quality and Information Security Management System. The organization spent following several months developing and implementing solutions to meet the common requirements of both standards. This commitment culminated in a positive outcome of the audit, which was carried out by an independent certification body.
The main activities undertaken by the organization:
- Developing an integrated policy and a new risk assessment methodology
- Carrying out integrated internal audits and an integrated management review
- Creation of process sheets and a unified way of controlling corrective and improvement actions
- Revision and improvement of safeguards resulting from the declaration of use, compliance with the requirements of GDPR
Further improvement actions are planned, especially in the area of information security (access control, cryptography, secure operation, development and maintenance of systems, relations with suppliers). We also need to respond to the requirements of the Act on the national cybersecurity system, which entered into force on 28 August this year.
High quality of designed, delivered and maintained services combined with effective protection of information that accompanies these processes - is a priority for ATM company providing services under the Atman brand.