Quality and responsibility

Quality policy of ResComi Oy

High customer satisfaction

ResComi Oy is active in customer relationship management and customer focus is another of our values. We operate confidentially and with open interaction. Our staff take an active approach to customer relationship management and we can be reached easily and quickly.

Competent and active personnel

We invest in the competence of our personnel, and we want it to be of the highest-level! We monitor competence, the effectiveness of training and induction, and the certifications achieved by our personnel. We develop skills and operations together and encourage all personnel to actively participate in the development of operations. Each person has process- or project-specific roles, responsibilities and authority.

Commitment to fulfilling the requirements of standards and legislation

We operate responsibly and are committed to complying with the ISO 9001 standard and the legislation requirements in our operations. Additionally, we require our partners to act responsibly. We are actively pursuing our goal to meet the requirements of the ISO 27001 standard.

Continuous improvement

We improve our operations with a procedural operating model applying and developing processes. We have set up the means to improve the processes, and owners have been assigned for the processes, their task is to ensure the operational compliance and continuous improvement. We monitor customer satisfaction, feedback, deviations and development proposals, based on this we systematically improve our processes and operations.

Data security policy of ResComi Oy 

Information security objectives 

The goal of information security activities is to support ResComi Oy's business, protect its reputation and meet the security requirements set by the law, customers and other partners.

Data security means ensuring the confidentiality, integrity and usability of all data. ResComi Oy's management team has approved this policy and monitors its implementation. The appropriateness of the policy is evaluated annually.

The information security policy can be communicated to partners, customers and subcontractors in order to communicate security issues in connection with the procurement or delivery of services. For external parties such as subcontractors and service providers, the requirements of this policy are included in the procurement contracts where applicable.

The practical implementation of information security requires that employees and partners understand why information security is important. Understanding the risks in practice and managing them requires employees to follow detailed instructions as well as continuous information security training and familiarization of employees.

Neglecting information security can cause serious damage to our reputation and customer relations. Non-compliance with the policy or activities contrary to requirements are dealt with at a low tolerance threshold.

Data protection responsibilities and organization 

The person responsible for data protection is responsible for the data protection of personnel and stakeholders in accordance with the requirements of the EU Data Protection Regulation (GDPR).

Information security responsibilities and organization 

All persons working at ResComi Oy are responsible for information security issues as part of their other duties in accordance with their job description and areas of responsibility. This means that personal responsibility for taking care of information security cannot be transferred to others or outsourced.

Management of information security 
 

Information security officer’s responsibilities

• development of information security management, information security expertise of personnel and comprehensive security of information systems, and actively assist in information security issues.
• is responsible for the updating the current information security policy and other information security documentation together with the process owners.
• reports annually to the management team on the state of information security and measures taken, presenting an action plan for the next reporting period.

Executive team

• the managing director approves the information security policy and presents the resources required to implement information security. The management team monitors the implementation of the information security policy.

All workers 

All employees and temporary workers must follow the information security policy and any related instructions in their work. Personnel must inform their supervisor or the person in charge of any observations, issues or violations in information security.

External entities 

The data security requirements of this policy are attached to the agreements concerning external service providers, where applicable. The responsibility of these parties is to comply with the contractual information security requirements as agreed between the parties.

Information security audits and inspections can be performed to ensure that information security is implemented correctly.

Management system 

The management system has been prepared in accordance with the standards ISO 9001:2015 and ISO 27001. Their annual clock controls the information security monitoring measures. The information security situation is handled according to the annual clock and always in relation to major changes.

Risk assessment 

Information security risks are assessed in accordance with the principles of risk management as part of operations, and always in the definition phase of new systems and in connection with significant changes affecting the criticality of operations.

Information security risks are assessed and analysed based on their business implications. Their management is decided on the basis of the risk analysis