Information security is critical to maintaining the reputation and brand of Complexica and its ongoing success and viability.
Our core security principle is to ensure the confidentiality, integrity, and availability of the information entrusted to us by our customers and business partners, as well as our own information.
As such, we aim to provide assurance to internal and external stakeholders of the security and privacy of their information entrusted to Complexica, whether in storage, processing or transmission.
To realise this principle, we are committed to the following security objectives:
- Maintaining a culture of security awareness amongst Complexica staff by emphasising that everyone has responsibility and accountability for the protection of information.
- Implementing effective security controls to ensure the confidentiality, integrity, and availability of information.
- Operating an Information Security Management System in accordance with the ISO/IEC 27001:2022 information security standard to provide a mechanism for the continual improvement of information security practices at Complexica.
- Assigning responsibilities and providing adequate resources to ensure a structured and consistent approach to managing information security.
- Monitoring systems and investigating all detected security breaches and weaknesses.
- Promoting a disciplined approach, aligned with our risk management framework, to the identification and management of information security risks across the business.
- Maintaining compliance with all policy, legal, regulatory and contractual requirements.
- Monitoring and measuring our performance against our security objectives to ensure commitment to the continual improvement of information security practices.
This policy applies to:
- All full-time, part-time, casual, or contracted Complexica personnel
- All suppliers providing services to Complexica
- Any other third parties with a valid reason to access information held by Complexica
Complexica has achieved ISO 27001:2022 certification, recognising its commitment to providing customers with the highest level of information security management. Following an extensive audit process, the certification was issued by TQCSI International, an accredited, third-party certification body providing auditing and certification of international management system standards with offices in more than 30 countries.
“Our customers demand the highest level of data security in accordance with industry best standards and practices, and obtaining ISO 27001:2022 certification is recognition of our commitment to provide exactly that,” said Constantin Chiriac, Complexica's Chief Software Architect. “This certification underscores our commitment to ensuring that customer and partner data is treated with the utmost respect in terms of security and privacy, and our ongoing dedication to best practices in the area of information security management.”
ISO 27001 is the most widely recognised international standard outlining best practices for information security management systems. The standard was published in October 2013 by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC) and ensures that organisations have established methodologies and a framework of business and IT processes to help identify, manage, and reduce risks. More information about this standard can be found at https://www.iso.org/isoiec-27001-information-security.html
Complexica's certification details are publicly available in the TQCSI Certificate Directory.