We strive for the services we provide to be at a highest level. Management of IT processes in the area of Comarch ICT is based on the best practices of ITIL v3. It is the most widely accepted concept in the world of IT service management. ITIL is a set of best management practices. The collection contains tips, suggestions, and practices that guide to the most effective and efficient rendition of services. In Comarch the following processes are covered by these activities: change management, incident management, problem management, configuration management.
Comarch ICT activity is covered by the Integrated Management System (IMS) which is implemented and maintained throughout the company. It meets the requirements of the following standards:
Confirmation of compliance with certain standards is the certificate of the Integrated Management System, issued by the Polish Center for Testing and Certification, which cooperates with Comarch in terms of surveillance and certification audits. More information about implemented standards is available here.
Comarch’s activities in IT infrastructure are related to the commercial provision of technologically advanced IT products. Comarch SA was one of the first companies in Poland to obtain an Export Control System certificate for the trade of dual-use goods in accordance with the Act of 29.11.2000 on foreign trade in goods, technologies and services of strategic importance for national security and for the maintenance on international peace and security. Comarch SA obtained a certificate which confirms conformance with Art. 11 (2) of this Act in the following scope of activities: export, import, intra-Community transfer, technical support, brokering services of goods, technologies and services of strategic importance. The certificate was issued by the Polish Center for Testing and Certification and is available here.
At the beginning of 2012, we launched the "ISAE 3402 TrustedProjects " program. It is dedicated to customers who require services of the highest quality. Customers participating in the program receive a guarantee of annual audits of projects designed to meet the requirements of ISAE 3402 (formerly SAS70). The attained certificate has been developed based on the relevant standards governing the assessment of the internal control environment of organizations that provide outsourcing services. On its basis an independent study is conducted and the auditor's opinion presented, which entitles the audited party to receive the Type I certificate (assessment of the adequacy of the internal control environment of the project or Type II ( assessment of the adequacy and tests of the effectiveness of the internal control environment). The entity authorized to carry out the audit is a consulting firm KPMG.
Concerned about the quality of services, we manage projects according to the PRINCE2 method (Project In Controlled Environment). It is an approach to management based on processes that can be easily adapted to the individual needs of our customers. PRINCE2 is a project management methodology, regardless of the project’s size or type. The main advantage is the flexibility and adaptability to the team and to the various levels of complexity of the project.
PCI DSS certification (Payment Card Industry Data Security Standard), owned by Comarch means that the data transaction used in cards payment, such as data cards and PIN numbers, are encrypted, transmitted and stored in compliance with strict procedures and the best security standards. The major purpose of PCI DSS certification is to prevent sensitive data leaks, as well as minimizing the risk of hacking into systems and crimes related to this. Supervise the implementation of the PCI DSS holds a non-governmental organization PCI SSC (Payment Card Industry Security Standards Council). Its task is to define the PCI DSS standards, certification of companies and auditors that are responsible for the audit of compliance and unification of verification process.