AREMIS Trust Center

Keeping our customers' information secure is the highest priority at AREMIS. Our security-first approach is fundamental to our business. Our board is committed to providing and maintaining the level of Quality and Information Security that meets all of our stakeholders' needs.

Our purposes are to:

  • promote a culture that enables each employee to do their job right, the first time and every time, in a safe and stimulating work environment;

  • ensure transparency in our realization of business activities;

  • preserve the availability, integrity, confidentiality, and traceability of our information assets and maintain our legal and contractual compliance;

  • systematically examine organizational information security risks and implement security controls to address unacceptable risks;

  • establish clear and mutually beneficial relationships with relevant interested parties and strive to exceed their expectations where possible.

Information Security Management System (ISMS) Scope and Exclusions

AREMIS has established an Information Security Management System (ISMS) certified under ISO/IEC 27001:2013. This system enables us to systematically operate and maintain information security in our business processes and services and to determine and apply the necessary security measures based on our risk assessment. We have implemented a security incident management process to detect and remediate security incidents effectively. Regular penetration tests are performed to evaluate our IT infrastructure and to identify vulnerabilities and areas for improvement.

ISMS Scope: The scope of AREMIS' ISMS covers all processes and services related to the hosting, operation, and maintenance of the Integrated Workplace Management System (IWMS) called ARCHIBUS, provided by AREMIS to its customers.

The scope includes:

  • AREMIS Cloud Services: Hosting and managing Integrated Workplace Management Systems (IWMS) for clients.

  • Client Support Services: Addressing technical security services, as well as the management and operation requirements for information security to support the AREMIS Cloud Services.

  • Implementation Services: Development and implementation services related to AREMIS Cloud Services.

Exclusions: The following elements are excluded from the scope of AREMIS' ISMS:

Internal processes not directly related to the delivery of AREMIS Cloud Services, such as:

  • All other internal processes such as sales and marketing, account and billing administration, purchasing and supplier management, financial reporting, and accounting not directly related to fulfilling parts of AREMIS' obligations towards its clients.

  • All services or parts thereof performed by AREMIS subcontractors for activities not directly related to fulfilling parts of AREMIS' obligations towards its clients.

  • Other AREMIS activities not related to the AREMIS Cloud Services.

The ISMS scope ensures that all critical business information processed by AREMIS remains secure and that we comply with applicable legal, regulatory, and contractual obligations.

Security Awareness and Training Practices at AREMIS

One crucial foundation for the effectiveness of the ISMS is the security awareness of all AREMIS employees. AREMIS ensures that its employees stay informed and up to date on current issues and best practices in information security through regular training sessions. This includes attending annual refresher training and completing a test to assess their understanding of our practices and policies.

As part of the induction training, all newly hired employees are required to participate in mandatory information security training. This ensures that they receive the necessary knowledge and awareness from the beginning of their employment. AREMIS employees are expected to adhere to a set of information security policies, which undergo regular reviews to ensure their relevance and effectiveness. Additionally, employees undergo periodic phishing tests to enhance their awareness of cybersecurity threats.

Certifications and Compliance Frameworks

In this section, we provide an overview of the certifications and compliance frameworks that our organization and vendors adhere to. We have undertaken rigorous assessments and implemented robust measures to ensure that our processes, systems, and infrastructure meet the highest standards of security and compliance.

By maintaining these certifications and complying with relevant regulations, we demonstrate our dedication to providing our customers with a secure and trusted environment for their data. We continuously strive to exceed industry standards and evolve our practices to stay ahead of emerging security challenges.

Code of Conduct and Confidentiality Agreements

AREMIS employees are mandated to sign a code of conduct and a confidentiality clause as an integral part of their employment contract, granting them access to our platform. This clause explicitly prohibits the disclosure of any confidential information pertaining to the business of AREMIS and its customers. These obligations and duties continue to be binding even after the termination of employment.

Certifications

AREMIS' Cloud Services operate under an information security management system that is certified to ISO/IEC 27001:2013. This certification signifies adherence to one of the most globally recognized standards for information security in both development and operational aspects.

In addition to being certified to ISO/IEC 27001:2013, AREMIS undergoes regular assessments by CyberVadis, a reputable third-party organization specializing in evaluating information security practices. CyberVadis assesses AREMIS' supply chain information security performance and ensures compliance with industry standards. This collaboration highlights AREMIS' commitment to maintaining a robust and secure information security management system, validated by both internal and external assessments.