Disclaimer
Preface
The business activities of Quintessence Consulting nv involve the use of both sensitive business data and personal data of its customers and partners. This data must be protected against various threats and in accordance with internationally accepted standards.
In addition to good technical security, customers and partners expect us to handle their data with care. Quintessence Consulting nv confirms that it deals with data responsibly in its business activities.
At Quintessence Consulting nv we regard the continuity of our services as a top priority. This is reflected in a fully developed management process for business continuity.
Contact
Questions about this statement can always be directed to the Data Protection Officer of Quintessence Consulting nv (ict.security@quintessence.be).
Privacy law and the processing of your personal data
We gladly refer you to our Privacy Policy on our website.
Information protection
Quintessence Consulting nv maintains a high level of security for the processing and for the data that are processed or stored. Our security is based on internationally accepted standards such as ISO / IEC 27001.
Main principles applied by Quintessence Consulting nv:
- Roles and responsibilities are defined to ensure that all security activities are adequately executed.
- A set of policies, standards, procedures and guidelines is provided to organize safety. These documents are regularly overhauled.
- Quintessence Consulting nv follows a risk-based approach to determine the required technical and non-technical security measures. This ensures that the right priorities are set and that only efficient and effective security measures are selected and installed.
- A data classification system is set up to distinguish various gradations of sensitive data and to protect them according to their needs. In addition, a data life cycle management is operational for the creation, use, storage and deletion of data.
- Quintessence Consulting nv undertakes to make the entire organization aware of information security and data protection through regular training and practice.
- Identity management and access control techniques are installed in such a way that information is protected against unauthorized access, alteration or destruction, both intentional and accidental.
- Physical safety measures protect the data and systems against fire and theft and guarantee access control to the buildings.
- Cyber security measures are operational. Our applications as well as the technology platforms are designed, configured, maintained and evaluated on the basis of recognized security criteria, such as OWASP, NIST SP 800 and the CIS Benchmark suite. Vulnerabilities and threats are continuously monitored.
- A business continuity program allows to restore business operations and services after a breakdown or calamity. The standards for information security are maintained during the activation of this program.
- The information security policy and its implementation are regularly evaluated (including in ISAE3402 type II audits).
BUSINESS CONTINUITY
Continuity Philosophy
Business Continuity Management (BCM) has been company-wide at Quintessence Consulting nv as part of corporate governance. BCM ensures the correct implementation of the regulation and of the standards and good practices for business continuity, published by national and international organizations such as BSI and ISO. The Quintessence system for business continuity management ensures the continuity of our services if a breakdown occurs as a result of a serious incident or a calamity, such as power outage, fire, inaccessibility of the buildings and incidents with the ICT infrastructure. All crucial activities in the organization are documented and they are regularly tested and optimized in accordance with the continuity strategy.
BCM Implementation
Our BCM process is based on the British Standard 25999 for business continuity management and the ISO 22301 for Societal Security. Our business continuity strategy addresses the unavailability of buildings, IT and personnel through action plans and the installation of emergency facilities. There are, among other things:
- The provision of emergency locations and infrastructure to accommodate our employees when a building is out of use. In addition, the confidentiality of our customer is also retained;
- The thoughtful design of our information and technology systems so that we can restart our crucial services by means of an ICT Disaster Recovery Plan (ICT DRP);
- The appointment of lecturers and substitutes for all crucial functions in the resilience organization.
Organisational Resilience
Quintessence Consulting nv has set up a resilient organizational structure to respond appropriately to any type of incident that could threaten the continuity of the organization. The resilience of the organization is based on the operation of various specific teams to ensure continuity: Incident, Crisis, Facility and IT DRP teams. For each of these teams there are up-to-date plans that include incident evaluation procedures, guidelines for escalation, call trees and other business recovery requirements.
There are also instructions for crisis management and crisis communication in such a way that in the event of a serious incident or a calamity, the coordinators and communicators are appropriately coordinated with all stakeholders.
Maintenance and testing
In addition to an annual revision of the plans, as part of the maintenance process, action is taken of continuous sensitization throughout the organization and the embedding of a continuity culture through regular training and exercise. We regard the practice of continuity procedures as a vital element of our BCM process and as an opportunity to discover points for improvement.