Certificates and Policy
The company management is aware of the responsibility to ensure the quality and information security in the provision of its information technology services and places a strong emphasis on supporting strategic goals and customer satisfaction.
Therefore, the company continually improves and adapts the characteristics of its products to the requirements of its customers and relevant stakeholders (eg. employees, suppliers, state and local authorities and NGOs).
The company has implemented management systems:
- ISO 9001 Quality management systems
- ISO 14001 Environmental management systems
- IS 27001 Information security management systems
- ISO 27018 Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors (SR)
- ISO 20000-1 Service management system
- ISO 22301 Security and resilience. Business continuity management systems (SR)
- ISO 25000 Software Engineering. Software product Quality Requirements and Evaluation (SQuaRE) (SR)
Our company defined its intentions in the area of management systems, product quality and processes in the documents of the Integrated Management System Policy and Service Management Policy.
ISO 9001 Quality Management System
Asseco Central Europe implemented and certified Quality Management System (QMS) according the norm ISO 9001 in 2002 for the first time. The system is constantly being improved and maintained in accordance with the requirements of applicable standards. Customer’s satisfaction with the delivered solutions and provided services belongs among the primary goals of the company. In an effort to meet customers’ and business partners’ expectations, Asseco Central Europe focuses particularly on continuous improvement of the quality of provided services and products. This is closely related to the stable, enhanced attention and devoted management, coordination and improvement of the processes in Asseco Central Europe. The professional level of project management is achieved by means of process management, which creates prerequisites for further increases in the quality of the provided solutions and services.
ISO 9001 Quality Certificate has been issued for the following activities:
- Providing of software solutions (sale of off-themself programs as contracted with authors, development of custom software) and realization of projects;
- Design, development, production, implementation, system integration and providing of IT systems operation;
- Information systems development;
- Software development process;
- Hardware and networks delivery and support;
- Provision of consultancy, analytical and advisory services within the field of information and communication technologies;
- Providing for operations of information systems; Software and hardware advisory and consulting services for information systems and Office equipment.
ISO 14001 Environmental Management System
Asseco Central Europe received in 2008 certificate according to the standards of ISO 14001 Environmental Management Systems (EMS). ISO 14001 Environmental Management Systems certificate has been issued for the same activities as defined in the previous chapter on the Quality Management System. Although the company has no significant impact on the environment by its subject of business activity and provided services, it strives within its philosophy “to be environmentally responsible”, to help protect human health as much as and contribute to the improvement of the quality of the environment and protect it from possible impacts of its activity.
ISO 27001 Information Security Management System
To ensure adequate protection of company information as well as information provided by customers, Asseco Central Europe introduced an information security management system according to the ISO 27001 standard. The implemented Information Security Management System (ISMS) was certified by Bureau Veritas in 2010. The obtained certificate is valid for:
- Comprehensive solutions in information and communication technologies (advisory and consulting services, integration services, project management, sales, analysis, design, implementation and maintenance of information systems);
- Providing of IT systems operation;
- Software development and providing of IT services.
ISO 27018 Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors (SR)
ISO 20000-1 IT Service Management System
The Company Asseco CE in the Slovak Republic was certified according to ISO standard 20000-1 in 2020. System for IT service management (ITSM - Information Technology Service Management System) provides support to process management of an organization in the area of ideal use of information technology, thus contributing to improving the efficiency and quality of IT services. The scope of certification in accordance with ISO 20000-1 is a system of management of IT services provided under the division Public SK and under the division Fabasoft for the operation, management, support and development of information systems and cloud solutions (the whole scope of supply is in the certificate).
The Company Asseco CE in the Czech Republic was certified according to ISO standard 20000-1 in 2015. System for IT service management (ITSM - Information Technology Service Management System) provides support to process management of an organization in the area of ideal use of information technology, thus contributing to improving the efficiency and quality of IT services. The scope of certification in accordance with ISO 20000-1 is a system of management of IT services provided by the division Public CZ and by the division Omnichannel Banking that covers the operation, maintenance, support and development of information systems for external customers.
ISO 25000 (SR)
ISO 25000, Quality Requirements and Quality Evaluation of Software Product
Asseco CE in the Slovak Republic was granted the ISO 25000 certificate in 2017. This management system, ensuring compliance with requirements for quality and software product quality assessment, was implemented within the Public SK BU and encompasses design, development, production, implementation, system integration and post-implementation support for information systems and software.
Industrial Security and Entrepreneur Certificate
Confirmation on Industrial Security and Entrepreneur Certificate
Asseco CE disposes of Security Facility Clearance Certificate, issued by the National Security Authority of the Slovak Republic, and Entrepreneur Certificate, issued by the National Security Authority of the Czech Republic, which allow access of the Company to classified information up the level Secret.
Integrated Management System Policy
Asseco Central Europe, a. s. is one of the most important providers of complex solutions and services in the technology area in the Slovak Republic and the Czech Republic.
The integrated management system, including quality management systems, information security and environment, presents a symbol of credibility and stability to customers, interested parties and employees of society. It provides a system approach for the implementation and delivery of solutions and services and prevents the occurrence of accidental disagreements, loss of confidentiality, integrity and availability of classified information to society and environmental damage.
The management of the company supports all available means to fulfill the integrated management system policy while accepting the following commitments:
- Improve continuously the processes of the company’s further development in an effort to increase customer‘s satisfaction so that all processes are carried out efficiently, with a minimum potential negative impact on the environment, in accordance with the applicable legislative requirements, the requirements of the public authorities and relevant stakeholders.
- Promote staff training and raise awareness. The Integrated management system policy can be implemented only in the active engagement of all employees and therefore the company pays close attention to the development of employees, promotes and ensures their professional growth and awareness in the areas such as quality, information security and environmental protection.
- Create and maintain mutually advantageous relationships with suppliers based on trust, correctness, high quality of services provided and environmental care.
- Ensure environmental protection and compliance with legal and other requirements by preserving the philosophy of “being responsible for the environment”, preventing waste generation and saving natural resources.
- Permanently protect all information assets from external and internal threats, misuse, disclosure or destruction.
- Provide a high level of security for the all our customers, partners and in the internal environment of the company by operating, controlling, maintaining and continually improving all information security areas in the context of business activities and risks Company.
- Improve the integrated management system by increasing its efficiency and maintaining the system in accordance with the requirements of ISO 9001, ISO 14001 and ISO 27001 and relevant legal and other requirements.
Service Management Policy
Asseco Central Europe, a. s. (hereinafter referred to as "the Company") is a provider of complex solutions and services in the area of information and communication technologies.
Conscious of the need for quality service provision, management of the company supports the objectives and principles of the provision of services with an emphasis on maximum importance and as its commitment declares this policy of service management:
- The management of the Company provides adequate resources for the planning, implementation, monitoring, review and improvement of service delivery and management. The company ensures that the customer's requirements are set correctly and is committed to meet them, in an effort to increase customers satisfaction.
- The management of the Company shall be adopted annually by the objectives and measures to improve and improve the effectiveness of ITSMS. At scheduled intervals, service management reviews are carried out to ensure their constant suitability, adequacy and efficiency.
- In the company's environment, the rules and principles for the provision of services arising from basic documents binding on all business units of the company, extended to the requirements of ISO/IEC 20000-1 and other relevant standards, as well as the requirements of the applicable legislation of the Slovak Republic and of the Czech Republic and the contractual requirements, in particular by customers, are implemented.
- The Rules and principles for the provision of services are laid down by a contract containing the agreed parameters of the level of services provided (SLA).
- A procedure for managing and evaluating the risks of services (identifying acceptable levels and accepting the risks of services) is defined.
- All employees of the company and other persons working in the provision of services are required to comply with the rules and principles laid down. Their failure to comply constitutes a breach of the work discipline or contractual agreements with the relevant consequences.
- Activities in this area also include continuous training of all the employees of the company on the principles and current issues of providing services and improving them.
ISO 22301 Security and resilience. Business continuity management systems (SR)