Autenti, as a trust service provider, provides these services with the highest diligence, taking care of data security
Confidentiality
We ensure the confidentiality of information transmitted or stored on the Autenti Platform.
Support
We help you solve problems related to the use of the Autenti Platform and support you in selecting the appropriate services.
Security
We follow information security best practices, including encrypting all documents uploaded and stored on the Autenti Platform.
Compliance with standards and regulations
To meet the highest requirements of our clients, we apply the best standards and practices.
Autenti has implemented and maintains an information management system in accordance with ISO/IEC 27001:2017 for: "Design and supervision of the development of Trust Services and Electronic Identification Services and their maintenance".
The compliance audit was conducted by the independent accredited body TÜV NORD Poland.
ISO 27001 is an international standard for information security management systems. Obtaining the certificate in October 2023 is a milestone in Autenti's long-term strategy to improve the quality of security, as well as its concern for data confidentiality and privacy. In this way, Autenti guarantees its customers and partners the highest level of information security.
In addition, we declare compliance with the requirements of, in particular, the following:
- Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC,
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation),
- ETSI 319 401 Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers,
- ETSI 319 521 Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Electronic Registered Delivery Service Providers.
The solutions offered by Autenti are used by entities in the supervised sector, i.e. banks, financial institutions and insurance companies. As such, we are required to comply with additional strictures and requirements that are systematically audited by our clients, including but not limited to the requirements of the European Banking Authority such as Recommendations on outsourcing to cloud service providers.
Autenti is a trusted partner for conducting responsible business. We build cooperation based on the highest standards and ethical principles.
Security and privacy
We take care of them every day!
We have implemented and are improving information security management in accordance with ISO/IEC 27001:2017. Business continuity management is implemented based on ISO 22301:2020.
We insist on the highest security standards by applying appropriate technical and procedural measures. As part of the implemented information security management system at Autenti, trusted roles have been established and entrusted to the best Autenti specialists.
Organisational security measures
- application of the principle of minimising access and privileges
- segregation of roles and responsibilities to ensure that there are no conflicts of interest
- ensuring accountability of performed operations, including changes
- ensuring adequate competence of staff
- ensuring continuity of services
- incident management
- managing security in relations with suppliers
- conducting regular audits and security tests
Technical security measures
- data georedundancy
- encryption of traffic on dedicated channels connecting resources (IPsec/SSL/TLS)
- encryption of data at rest
- data transmission via an SSL-encrypted channel using a standard no lower than TLS 1.2
- separation of user and signatory data for document signing processes
- conducting systematic backups, allowing the environment to be restored in line with the principle of minimising data loss
- logical separation of development, QA and production accounts and environments
- monitoring of services, applied security measures and risks
- ensuring scalability and integrity
The average availability of our services over the last few years has been over 99%.
On request, we provide technical support (SLA) and guaranteed availability of services.
Personal data protection
- We operate on the basis of developed and implemented data protection policies, both as an independent controller and processor.
- Compliance with these is supervised by a Data Protection Officer. Any questions or objections can be addressed to dpo@autenti.com.
- We adhere to the principles of minimisation and retention of personal data.
- Only authorised persons who have been obliged to maintain confidentiality have access to personal data.
- We process our customers' data entrusted to us exclusively in the European Economic Area.
- We work only with experienced, proven suppliers to whom we entrust the processing of personal data, who give the highest assurance of the services provided.
- We apply the principles of privacy by design and privacy by default. You can read about the principles of personal data processing in our Privacy Policy.
Autenti is committed to building the ethics of the provided trust service
Corporate social responsibility (CSR)
We implement and apply business ethics, not only towards our customers, but also towards our business partners and employees. We want to create a socially credible business, because 'trust' is our speciality. We shape the long-term development of our strategy, including from an environmental perspective. Our mission is to make society paperless, both in business and in personal life, for the economic benefit of our customers and for the benefit of the environment.