The information security system in place in the Bank Millennium Group is modeled after the international ISO/IEC 27001 standard, which defines the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving information security management in the organization. The information security management system consists of a set of documented processes in force in the Bank and, to the extent aligned with the profile of the activity they conduct, in the Bank Millennium Group’s Companies.
The accepted information security management model defines a comprehensive system for protecting all information processed in the Bank, including information on clients, employees, business partners and transactions. To achieve this goal, the Bank uses a broad range of organizational, IT and telecommunication measures, in particular mechanisms protecting devices, systems, applications, databases and communication channels. The information security management model was constructed to safeguard against key risks such as a potential loss of information concerning financial transactions, a leak of confidential information and inaccessibility of services.
The data and resources of Bank Millennium clients are under the constant oversight of a dedicated specialist team ensuring the security of all the channels used to access the Bank’s products and services. The company attaches particular importance to the security of customers using electronic channels to access banking products and services, improving technical and operational security measures. The Bank has been using tested and safe methods to confirm the identity of IT system users and is constantly developing them to ensure safe and convenient access to the Bank’s systems. Our clients may use innovative identification methods such as biometric fingerprint data.
New threats and methods employed by criminals are constantly analyzed so that they can be countered even more effectively. In addition, the Bank has been actively collaborating with other financial sector entities in Poland and internationally, sharing its knowledge about contemporary threats, trends and the evolving methods of abuse.
The obligatory educational program applicable to all employees is a significant part of the Bank’s information security system. It contains a set of information about the best practices in personal data protection, banking secrets, company secrets and other confidential data. Moreover, the Bank is constantly honing the safety mechanisms it employs by submitting them to independent evaluations and audits conducted by reputable consulting companies and specialized firms.
Training on protection of personal data and information – number and % of employees trained
|Classification, processing and protection of information in the Bank*
|Personal data protection**
* new employees are trained
** new employees of specified entities are trained