Data Security and ISO certifications
Committed to Efficiency, Quality and Security
Quality and data security are of crucial importance to us at Marcura.
Our systems and the processes in place incorporate security and quality by design from their inception.
Our dedicated teams are focused on maintaining the necessary systems and processes to minimise our customers’ exposure to legal, financial, transactional, regulatory, and operational risks.
All this is managed by the Group Legal & Compliance Department, which is overseen by our Board of Directors.
Marcura currently holds all 4 of the following ISO certifications:
- ISO 9001:2015 Quality Management System (QMS): certified since 2004 by Lloyd’s Register and audited biannually
- ISO/IEC 27001:2013 – Information Security Management System (ISMS): certified since 2018 by Lloyd’s Register and audited biannually
- ISO 14001:2015 – Environment Management System (EMS): certified in 2021 by Lloyd’s Register and audited biannually
- ISO 45001:2018 – Occupational Health and Safety Management System (OHSMS): certified in 2021 by Lloyd’s Register and audited biannually
External auditors (Lloyd’s Register) spend on average 17 days per year auditing Marcura.
Every six months we also have internal audits performed by a specialised team whose sole focus is on maintaining standards and audits throughout the group. Last year:
- 39 teams were audited by the external auditor
- 33 teams were audited by the internal team.
Data and information security
- Data backups: Data backups are performed regularly for emails, scanned documents, and departmental folders
- System audits:
- Computer controls are audited regularly;
- Servers are strictly monitored & updated daily with the latest security patches.
- Business continuity & redundancy: DA-Desk has a Business Continuity and Disaster Recovery (BCDR) plan to ensure continuity of operations in the event of an extended disruption of processing ability.
- Marcura India is an active and operational site and equipped to serve as a backup in the event of disruptions in Dubai;
- Marcura Philippines, is a new active and operational site that is also being equipped to serve as a backup;
- Standby generators are available to supply electricity within five minutes of power failure;
- Data centers in Europe that are designed with high availability and redundancy; and
- A disaster recovery site in Europe that is also designed with high availability and redundancy.
Audited by Deloitte
In keeping with the requirements of Section 404 of the Sarbanes-Oxley Act, DA-Desk is audited annually by Deloitte, the global accounting firm, which issues an ISAE No. 3402 Type II letter to signify that general controls are suitably designed and operating effectively.
It also includes the following elements:
- integrity and ethical values
- commitment to competence
- management controls
- organisational structure
- assignment of authority and responsibility
- human resources policies and practices.
General Data Protection Regulation (GDPR)
With the introduction of the General Data Protection Regulation in May 2018, Marcura has taken steps and initiated various measures to comply with its obligation, including but not limited to:
- appointing a Data protection officer
- creating a GDPR task force
- voluntarily registering with the UK’s Information Commissioner’s Office
- completing data protection impact assessment audit.