ISO 27001

In response to the new GDPR ordinance,
We are proud that after half a year of implementing changes for maintaining
the highest data security in our company - we have obtained the ISO 27001 certificate

Certificate No. NC-2897

Certified by DRB Research shows that we are serious for security and data protection:
sensitive confidential Public The introduction of the ISO 27001 standard obliged us to implement the following policies: Data security policy - The policy of physical access to rooms and resources Software control - policy Cryptographic - policy System monitoring policy - Policy of dealing with equipment and data carriers - Risk assessment policy - Backup policy Business - continuity management policy Incident management policy

ISO 27001 is the only international standard that is fully compliant with legal requirements in the scope of information protection and personal data security. There are currently around 200 legal acts in Poland regarding information protection. It should be mentioned that in order to ensure the security of the company's information, the office and health care facility, they are required by the Act on personal data protection, combating unfair competition, protection of classified information, protection of persons and property, accounting, access to public information, copyright and related rights, protection of databases, provision of services by electronic means. In contrast, a comprehensive, best-functioning responding model All legal requirements are to implement and maintain the ISO 27001 information security management system. This standard defines the requirements for establishing, implementing, improving and reviewing the information security system.

By implementing it, we guarantee consumers comprehensive protection of personal data in the field of ICT, physical and organizational - legal. During the introduction of the regulation GDPR in the structure of DRB Polonia, we rely on such proven methods as: - audit related to the implementation of the GDPR to business and IT processes - risk analysis in the processing of personal data - adaptation of processes and the IT environment - adjustment of documentation - training for employees. Thus, we know that in the future we will not have problems with monitoring consumer personal data, as well as with cooperation with the new Data Protection Authority.

We are implementing a revolution in the approach to the protection of personal data. We are moving away from the restorative application of the law to engage in building our own personal data protection system, directly under the profile of our company. The implementation of the rights of natural persons is a priority for DRB Research.

We want DRB Research to enjoy the reputation of a company that cares about privacy. We are convinced that only a well-thought-out system of personal data protection allows to maintain a consistent image of the company.