ACERTA’s corporate activities entail the use of sensitive and personal data of its customers and partners. These data must be safeguarded against all kind of threats and in accordance with internationally accepted standards.
In addition to technical security aspects, customers and partners expect us in general to handle their data with care. ACERTA acknowledges that its corporate activities include responsible processing of data.
At ACERTA, we consider “continuity” of our core services as top priority and this is reflected in a full-scale business continuity management process.
Questions, comments and requests regarding this statement are welcomed and should be addressed to the ACERTA security officer (ict.security@acerta.be)
At ACERTA we guarantee an adequate level of data protection, in compliance with the EU Data Protection Directive 95/46/EC and with Belgian laws(*).
ACERTA is preparing itself to meet the requirements of the new General Data Protection Regulation (GDPR), the successor of the EU Data Protection Directive, which is to become effective soon.
(*) Two important Belgian laws we comply with are:
As personal and business confidential information is used throughout the different business processes (payroll, child benefit, etc.), we need to guarantee at all times the confidentiality, integrity and availability of that information.
At ACERTA we maintain a high security level for our processing and for the data that is processed and stored.
Our security is based on internationally accepted standards such as ISO/IEC 27001. Main principles applied within ACERTA:
Business Continuity Management (BCM) at ACERTA is a part of “corporate governance”, as it is defined and applied company wide. It ensures compliance with regulations, standards and good practices on business continuity published by national and international organizations such as the BSI and ISO. ACERTA has realized a full-scale business continuity management system, which includes a resilience organization to ensure the continuance of our client services in the event of a service disruption due to a serious incident or disaster including, but not limited to: power outages, fire, inaccessibility of the building and ICT Infrastructure failures. All critical activities within our organization are documented to cope with a calamity and are regularly tested and improved according to the continuity strategy.
Our BCM process is based on the British Standard 25999 for business continuity management and the ISO 22301 for Societal Security. Our business continuity strategy addresses the unavailability of facilities, ICT and personnel by means of action driven plans and implementation of contingency measures. These include amongst others:
ACERTA has implemented a resilience organization structure to appropriately respond to any type of incident that could threaten the continuity of the organization. The resilience organization relies on several dedicated teams to ensure the continuity: Incident, Crisis, facility and IT DRP teams. There are up-to-date plans for each of these teams that include incident assessment procedures, escalation guidelines, call trees and other businesses recovery requirements as well as instructions for crisis management and crisis communication to insure proper coordination and communication to all stakeholders in the event of a serious incident or disaster.
In addition to a yearly review of the plans, which is part of our maintenance process, we commit ourselves to ensuring continuity awareness in the entire organization and embedding a business continuity culture by regular training and exercising. Business continuity exercising is considered a vital element of our BCM process and an opportunity to identify room for improvement rather than criticism. Therefore periodic exercising of the plans is performed and testing of DRP is executed.