2018 Financial and Social Report

The information security system in place in the Bank Millennium Group is modeled on the international ISO/IEC 27001 standard, which defines the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving information security management in an organization. The information security management system consists of a set of documented processes in force in the Bank and, to the extent appropriate to the profile of their activity, in the Bank Millennium Group’s Companies.

The adopted information security management model defines a comprehensive system for protecting all information processed in the Bank, including information on clients, employees, business partners and transactions. To achieve this goal, the Bank uses a broad range of organizational, IT and telecommunication measures, in particular mechanisms protecting devices, systems, applications, databases and communication channels. The information security management model was constructed to safeguard against key risks such as a potential loss of information concerning financial transactions, a leak of confidential information and inaccessibility of services.

The data and resources of Bank Millennium clients are under the constant oversight of a dedicated specialist team ensuring the security of all the channels used to access the Bank’s products and services. The Bank attaches particular importance to the security of customers using electronic channels to access banking products and services, and keeps improving its technical and operational security measures. The Bank uses tested and safe methods to confirm the identity of IT system users and is constantly developing them to ensure safe and convenient access to the Bank’s systems. Our clients may use innovative identification methods such as biometric fingerprint data.

New threats and methods employed by criminals are undergoing constant analysis to be able to counter them even more effectively. In addition, the Bank has been actively collaborating with other financial sector entities in Poland and internationally, sharing its knowledge about contemporary threats, trends and the evolving methods of abuse.

The obligatory educational program applicable to all employees is a significant part of the Bank’s information security system. It contains a set of information about the best practices in personal data protection, banking secrets, company secrets and other confidential data. Moreover, the Bank is constantly honing the safety mechanisms it employs by submitting them to independent evaluations and audits conducted by reputable consulting companies and specialized firms.

Training on protection of personal data and information – number and % of employees trained
| Training | 2018 Bank | 2018 Group | 2017 Bank | 2017 Group | 2016 Group | 2015 Group |
|---|---|---|---|---|---|---|
| Classification, processing and protection of information in the Bank* | 1,085 (19%) | 1,139 (18%) | 1,020 (19%) | 1,066 (18%) | 711 (12%) | 923 (15%) |
| Personal data protection** | 1,111 (19%) | 1,166 (19%) | 1,892 (34%) | 1,939 (33%) | 1,663 (28%) | 2,987 (50%) |

* new employees are trained

** new employees of specified entities are trained

In 2018, the Bank carried out a program of adaptation to the requirements of the General Data Protection Regulation (GDPR). The Bank has also prepared new solutions helping clients exercise the rights granted by GDPR, including full access to their information and flexible management of consents.

Special attention is given to the continuity of services rendered by the Bank. By establishing the integrated Business Continuity Management System, the Bank makes sure that the key processes and IT systems are available regardless of any chance events. The distributed architecture of the Bank’s information technology environment increases its resistance to threats and reduces the risk of unavailability of services.

The Bank’s security initiatives enjoy the recognition of independent experts. The Bank received a distinction for Best Practices in IT Systems Security in the 2017 and 2018 Golden Banker contest. In addition, it has consistently been the top player among the largest Polish banks in the independent security ranking prepared by BitSight. [GRI 103-1, 103-2, 103-3]