ATM S.A., operating under the Atman brand, provides and maintains data center and telecommunications services, including colocation, hosting, data transmission and Internet access, as well as services involving dedicated servers, cloud computing and security.
ATM S.A. adopts a process-based approach oriented towards information security, and is thus engaged every day in supporting and promoting actions to improve the effectiveness of processes and ensure the proper security of processed information, including the definition of opportunities and risks, the conduct of analyses, and the implementation of enhancements and security measures. The end result of these actions is the satisfaction of clients with the quality of services, with the way they are delivered and maintained, and with the provision of appropriate security for their data and key information.
The Integrated Management System (IMS) policy supports the company’s strategic course and creates a framework for quality targets and information security targets in relation to the internal integration of solutions for the following guidelines:
- Quality Management System according to PN-EN ISO 9001:2015-10
- Information Security Management System according to PN-ISO/IEC 27001:2014-12
Certificates of compliance with these systems, awarded by one of the world’s largest independent certification authorities, and renewed annually, provide formal proof of our commitment to the continuous development of a practical approach to the fulfilment of the requirements of the above standards.
The IMS policy is implemented by:
- Adapting offers and sales channels to the needs and potential of clients, which leads to the effective processing of offers and increases chances of obtaining a greater number of satisfied clients;
- Adapting existing products and launching new products to meet clients’ needs, while also adjusting them to growing technological and market requirements;
- Optimizing service delivery times through the standardization of processes supported by modern IT systems that provide possibilities of analyzing key indicators with regard to the type and specific features of a service;
- Servicing clients reliably, effectively and efficiently in both deployment and maintenance processes, using clear communication via defined channels;
- Deploying and maintaining means of security for information assets (particularly legally protected information – commercial secrets, confidential information, personal data – and the ICT systems used to process that information) depending on their importance, and making regular analyses of security measures to confirm that they are effective and up-to-date;
- Performing regular estimation of risk having an impact on the quality of delivered services and on information security, using an internally adapted methodology, defining risk owners and effectively implementing a risk management plan so as to minimize, avoid or spread risk, or to maintain a given level of risk where justified;
- Designing information protection mechanisms through the definition of access control elements and levels of permissions, identification and authentication, and system event tracking;
- Employing and retaining a team of specialists, and providing regular opportunities to improve their skills and qualifications in line with their chosen professional development path and with the strategic development of the organization;
- Promoting reliability, solidity and cultured behavior among all employees in dealings with colleagues, clients and partners;
- Providing employees with comfortable and ergonomic working conditions that assist effective communication and cooperation.
The tasks of the team as a whole include:
- Ensuring that clients receive services in accordance with the declared level of quality, advancement and reliability, with particular attention to the security of key data;
- Providing services and keeping information secure in accordance with applicable laws, technological processes and set internal requirements;
- Making constant effort to meet clients’ expectations;
- Working according to established processes and ensuring their improvement by identifying and implementing actions to increase their effectiveness.
Managers are obliged to monitor processes on a continuous basis and to analyze the results of the work of the team in order to:
- Improve the effectiveness of processes;
- Ensure the availability of resources and the security of assets;
- Communicate the importance of effective administration of the Integrated Management System and its continuous improvement;
- Engage, direct and support people who contribute to the effectiveness of the IMS.
Fulfilment of the requirements of the Integrated Management System and continuous improvement of its effectiveness is an overriding goal of management, and makes a significant contribution to strengthening the company’s image and thus increasing client trust.