Security policy

Implemented Standards

  • PN-EN ISO/IEC 27001:2023-08E
  • PN-EN ISO/IEC 27002:2023-01E
  • PN-EN ISO 22301:2020-04P
  • PN-EN ISO 9001:2015 (Quality Management System)

BackOffice Outsourcing Sp. z o.o. ensures high-quality delivery of outsourcing services, maintaining the highest standards of information security and business continuity. Our operations are based on international ISO standards, advanced IT solutions, and internal procedures fully compliant with current legal and technological requirements.

The implemented and continuously maintained Security Policy complies with:

  • the Personal Data Protection Act,
  • the General Data Protection Regulation (GDPR – EU 2016/679),
  • the Act on the National Cybersecurity System,
  • the Act on Electronic Services Provision,
  • and sector-specific laws regarding postal services and client data management.

Key Areas of Security Policy Implementation

  1. Emergency and contingency plans (business continuity & disaster recovery):
    Ensure uninterrupted operations at the company headquarters and at Contractor locations. These plans include incident response procedures, backup scenarios, recovery workflows, and scheduled restoration tests.
  2. IT system management:
    • Internal security policies,
    • Access control management (principle of least privilege, user identifiers, activity logging),
    • Physical and logical safeguards (firewalls, encryption, antivirus scanners, system integrity monitoring).
  3. Personal data protection:
    • Fulfillment of data controller obligations under the GDPR,
    • Records of processing activities,
    • Employee training on data protection,
    • Data breach response procedures and reporting to supervisory authorities.
  4. Quality Management System according to ISO 9001:2015:
    The company has implemented and certified a QMS that provides a structured approach to process management, risk analysis, and continuous improvement. It includes:
    • mapping and optimization of operational processes,
    • control of documentation and information flow,
    • internal audits,
    • periodic management reviews,
    • mechanisms for handling complaints and nonconformities.
  5. Employee training:
    Periodic training sessions in information security, data protection, compliance with ISO standards, and incident response. All sessions are recorded and evaluated.
  6. Risk management:
    Risk identification, analysis, and assessment are conducted using recognized methodologies across all operational, technological, and legal domains. All areas are covered by documented, regularly updated risk assessments.
  7. Office and physical document protection:
    • Access control systems (entry logging, surveillance, badge systems),
    • Alarm systems,
    • Inbound and outbound correspondence tracking via the COK system (cok.com.pl),
    • Secure server storage of scanned documents,
    • Restricted zones for sensitive data and paper documentation.

Integrated Approach

BackOffice Outsourcing follows a coherent security, quality, and business continuity policy, fully integrated with process governance and legal compliance. The implementation of ISO 27001, ISO 22301, ISO 9001, and ISO 27002 forms the foundation of professional and auditable management. As a result, we provide our Clients, Partners, and Stakeholders with:

  • assurance of data confidentiality, integrity, and availability,
  • organizational resilience in crisis scenarios,
  • quality and consistency in service delivery,
  • transparency and full compliance with legal frameworks.