Security at Ometria

decor
Ometria

Information security
management

We, at Ometria, are proud of the value our platform delivers to our Clients, but we are also highly aware of the sensitivity of our clients’ customers’ information and the importance of protecting not only their privacy, but also the protection of all personally identifiable or commercially sensitive data we handle whether it belongs to us or not.

This is why one of our five values is:

Respect for the trust we've been given

Core to this value is our capability to provide appropriate assurances to all Ometria’s stakeholders* of the stability of our business, the security and privacy of our products and services and the confidentiality of their information whilst in our care.

To achieve this, Ometria has identified and will adhere to the following information security and privacy objectives:

  • To ensure the appropriate level of security and privacy control is applied to information through a process of risk assessment which defines the necessary security and privacy requirements and identifies the probability and impact of security and privacy breaches in respect of that information.
  • To ensure the confidentiality of information belonging to all stakeholders by restricting access to information on a need-to-know basis.
  • To ensure the security and privacy of the Ometria platform and professional services in accordance with secure coding standards and best practices in software development and systems engineering.
  • To ensure the careful selection and management of suppliers in accordance with the needs and expectations of our stakeholders and relevant regulations and to mitigate the risks they may present to information security and privacy.
  • To ensure all employees, contractors and suppliers receive awareness training and guidance appropriate to their role, and their impact on information security and privacy, throughout the lifetime of their relationship with Ometria.
  • To meet all contractual, legislative and regulatory requirements of our stakeholders.
  • To ensure that any suspected or actual breach of information security and privacy policies and procedures is reported to the Data Protection Officer and handled in accordance with Ometria’s formal information security and privacy incident management procedures.
  • To ensure that any actual breach of information security or privacy is reported to the stakeholder(s)* affected and to the relevant National Data Protection Authorities (e.g. the Information Commissioner’s Office), as appropriate.
  • To ensure the achievement and ongoing certification of Ometria’s:
  • information security management system (ISMS)** to the ISO/IEC 27001 international standard for information security management systems; and
  • privacy information management system (PIMS)** to the ISO 27701 international standard, being an extension ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
  • by a UKAS-accredited certification body through continual improvement of the ISMS.

*stakeholders include, amongst others, clients and their customers, employees, suppliers, investors, directors and partners.

** The scope of certification is defined as, “Providers of a cross-channel dynamic marketing platform for creative marketing experiences in the retail sector across the world”.

These objectives and Ometria’s performance in achieving such objectives are regularly reviewed, to ensure their ongoing relevance, to ensure the necessary resources are made available to achieve these, and to promote continual improvement.

wardrobe

"With Al driven insights, segmentation capabilities, and a centralized dashboard, retail organizations have real- time access to valuable insights needed to create and deliver impactful and efficient campaigns, leading to stronger customer relationships and increased revenue"

Jessica Herbert-Maynard
Head of Marketing at Sephora
Speak to our expert team about your customer experience growth journey
Join industry leaders in choosing Ometria to power your customer marketing.