Safety of information and transactions
[GRI 102-15] [GRI 103-1] [GRI 103-2] [GRI 103-3] The Bank uses its best efforts to ensure the protection of clients’ funds and privacy. To this end, risk analyses are conducted both before the preparation of new products and services and globally – describing the whole ICT environment of the Bank. The key risks associated with inadequate protection of clients’ funds and privacy are leakage, loss or unauthorized modification of client data.
The information security system in place in the Bank Millennium Group is modelled after the international ISO/IEC 27001 standard which defines the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving information security management in the organization. The information security management system consists of a set of the documented processes in force in the Bank and in the Bank Millennium Group’s companies in the part aligned to the profile of the activity they conduct.
The accepted information security management model determines the comprehensive system for protecting all information processed in the Bank, including information on clients, employees, business partners and transactions. In order to achieve this goal, the Bank uses a broad range of organizational, IT, telecommunication measures and in particular device protection mechanisms, systems, applications, databases and communication channels. The information security management model was constructed to safeguard against influence being exerted by key risks such as a potential loss of information concerning financial transactions, a leak of confidential information and inaccessibility of services.
The data and resources of Bank Millennium clients are under constant oversight of a dedicated specialist team ensuring security of all the channels used to access the Bank’s products and services. The company attaches particular importance to the security of our customers using electronic channels to access banking products and services by improving technical and operational security measures. The Bank has been using tested and safe methods to confirm identity of IT system users and is constantly developing them to ensure safe and convenient access to the Bank’s systems. Our clients may use innovative identification methods such as biometric fingerprint data.
New threats and methods employed by criminals are undergoing constant analysis to be able to counter them even more effectively. In addition, the Bank has been actively collaborating with other financial sector entities in Poland and internationally, sharing its knowledge about contemporary threats, trends and the evolving methods of abuse.
The obligatory educational program applicable to all employees is a significant part of the Bank’s information security system. It contains a set of information about the best practices in personal data protection, banking secrets, company secrets and other confidential data. The training covers both employees of the Bank Millennium Group and employees of cooperating companies, who may have access to the Bank’s network.
Safety training Bank Millennium Group |
2021 | 2020 | 2019 | 2018 |
---|---|---|---|---|
% of employees trained | 90% | 91% | 91% | 92% |