POBA Services

ISO/IEC 27000 Certificate Compliance

The Challenge

POBA Services a.s. provides accounting services and facility management for its parent company Poštová banka, the 7th largest bank in Slovakia.

When POBA Servis a.s. was preparing for its ISO/IEC 27001 certification, it needed a company that could help them implement the security requirements set by the norm. Because the company handles sensitive client banking information and project documentation on behalf of Poštová banka a.s., they needed to reinforce both their information management security system and their risk management system.

POBA’s IT department chose Safetica security software to take care of their compliance needs, as it provides multiple tools that help companies satisfy the ISO/IEC 27001 norm requirements.

The Solution

The whole operation started with an analysis of how end users work with their computers, with a special emphasis on usual data handling processes. In the next phase, policies were set for external devices management - POBA Servis decided to only allow the use of Safetica-encrypted company USB drives.

In the last phase, actual data protection policies were set and fine-tuned. These policies prohibit sensitive files from being printed, copied to unauthorized external devices, sent to external email accounts, print screen captured or uploaded to the web.

The Result

Safetica gave POBA Servis a.s. the tools it needed for certification by ISO/IEC 27001. Safetica software supports the information management security system, ensuring internal security and protecting the company from human errors.

Files can only move in predefined ways, and records are available for all actions. Management now gets weekly summary reports on user internet activity, application use, document printing and file lifecycles. In the event of a security incident, POBA management is notified immediately.

POBA Services

POBA Services

  • provides accounting services and facility management
  • needs to comply with ISO/IEC 27001 norm requirements
  • performed complete internal data security audit
  • sensitive data can now be manipulated only according to defined security rules
  • management receives instant alerts in case of a security incident