Comprehensive governance, risk and compliance security strategies

The StarCompliance approach to security is based on a Governance, Risk and Compliance strategy, led and supported from the top down. Our Information Security and Data Protection team ensure that strict policies and procedures are established and implemented in relation to best practice, legislative, regulatory, legal and contractual requirements. These procedures are coupled with the authority to enforce the controls – administrative, technical and physical – which protect our security principles of confidentiality, integrity and availability.

GOVERNANCE

StarCompliance conforms to standards defined by the International Organization for Standardization (ISO) and is certified to:

  • ISO 27001 – Information Security Management System
    Our systematic approach to managing sensitive company information ensures it remains secure. This involves applying robust risk management to our people, processes and IT systems.
  • ISO 9001 – Quality Management System
    Our QMS enables us to identify, measure, control and improve the core business processes that lead to improved business performance.
  • StarCompliance is self-certified to the:
    – EU-U.S. Privacy Shield Framework
    – SWISS-U.S. Privacy Shield Framework
RISK

ISO 27005 is the Risk Management Framework that underpins ISO 9001 and ISO 27001. Risks are identified internally by our Information Security and Data Protection team and externally in our annual, independent, third-party audits.

COMPLIANCE

Our compliance program includes:

  • Audits – periodic assessments to identify non-conformities and opportunities for improvement with:
    -Internal audits led by our Information Security Officer (CISSP)
    – Annual, external audits by independent, third parties (ISO 27001, ISO 9001)
    – Ad-hoc, on-site client-sponsored audits
  • Regulatory and legislative compliance, including the upcoming EU General Data Protection Regulation (GDPR).