We at Ometria are proud of the value our platform delivers to our clients, but we are also highly aware of the sensitivity of our clients’ customers’ information and of the importance of protecting not only their privacy but also all personally identifiable or commercially sensitive data we handle, whether it belongs to us or not.
Security at Ometria
This is why one of our five values is:
Respect for the trust we’ve been given
Core to this value is our capability to provide appropriate assurances to all Ometria’s stakeholders* of the stability of our business, the security of our products and services and the confidentiality of their information whilst in our care.
To achieve this, Ometria has identified and will adhere to the following information security objectives:
- To ensure the appropriate level of security control is applied to information through a process of risk assessment which defines the necessary security requirements and identifies the probability and impact of security breaches in respect of that information.
- To ensure the confidentiality of information belonging to all stakeholders (including clients and their customers, employees, suppliers, investors, directors and partners) by restricting access to information on a need-to-know basis.
- To ensure the security of the Ometria platform and professional services in accordance with secure coding standards and best practices in software development and systems engineering.
- To ensure the careful selection and management of suppliers in accordance with the needs and expectations of our stakeholders and relevant regulations and to mitigate the risks they may present to information security.
- To ensure all employees, contractors and suppliers receive awareness training and guidance appropriate to their role, and their impact on information security, throughout the lifetime of their relationship with Ometria.
- To meet all contractual, legislative and regulatory requirements of our stakeholders.
- To ensure that any suspected or actual breach of information security policies and procedures is reported to the Data Protection Officer and handled in accordance with Ometria’s formal information security incident management procedures.
- To ensure that any actual breach of information security is reported to the stakeholder(s) affected and to the relevant National Data Protection Authorities (e.g. the Information Commissioner’s Office), as appropriate.
- To ensure the achievement and ongoing certification of Ometria’s information security management system (ISMS) to the ISO 27001 international standard for information security management systems by a UKAS-accredited certification body.
- Ometria is committed to continual improvement.
These objectives, and Ometria’s performance in achieving them, are regularly reviewed to ensure their ongoing relevance, to ensure the necessary resources are made available to achieve them, and to promote continual improvement.