ISO certification & Fair Data

Information Security Policy  

Information Security Management System, MarketResponse International Group

At MarketResponse, we create insights for our clients to improve their opportunities. To be able to do that in a structured way, we are convinced that we must implement a comprehensive and complete set of controls to protect and secure our data and these of our customers. Next to that we have to follow the common way of working for market research. This way we can ensure secure services for our customers. 

This document is created, published and maintained to comply with the ISO27001:2022 Information Security Management System. This policy is our statement elaborates our information security management system in more detail on: 

• Our strategic principles on information security 
• The objectives of our management system and controls 
• The necessary role and responsibilities  
• The commitment we have on the continuous improvement of the requirements  

The statement is reviewed and adapted annually, or on events that impact our security. This statement is communicated within the organization and it is available to all interested parties, on our website. 

Prepared by Jorgen Botermans
Director of MarketResponse International Group 

Principles  

Data is our most important raw material. This fact forces us to handle data very carefully. Not only to comply with the legal requirements, but also to guarantee the reputation and thus the continuity of MarketResponse.  We achieve this we follow the next strategic principles to add value to the core aspects of information: 

• Confidentiality: Access to data assets must be limited to authorized individuals only 
• Integrity: Maintaining IT systems, ensuring they remain reliable and fit for purpose 
• Availability: Ensuring authorized users have access to relevant information or policies when necessary 

Objectives 

Our main objectives are: 

• Protecting information from unauthorized access and disclosure, by eliminating internal and external threads. 
• Assuring the reliability and accuracy of information and IT resources by guarding against unauthorized information modification or destruction. 
• Defending information systems and resources to ensure timely and reliable access and use of information. 

All implemented controls must add value to the principles and the objectives. We are confident that the set of controls we implemented serves the objectives and the purpose of the organization. 

Roles and responsibilities 

As a prerequisite, we defined the needed roles and responsibilities within the organization. Annually our conformance to the ISO27001 standard is checked by BSI Group and for ISO20252 this is checked by Stichting Toetsingsbureau KCC. Next to that, we have appointed a compliance officer, fulfilling the role of security and privacy officer, and a (external) data protection officer, responsible for the monitoring and maintenance of the management systems. We also have set ownership of risk and controls in the first line of business, this will ensure that the controls will be effective, and the risk mitigated. 

 In the end, the ultimate responsibility for the policy on the security and internal control of the provision of information rests with the management. 

Commitment  

We have committed ourselves to continuously improvement on the information security management system and the applicable requirements, including the scope, demands and expectations of the interested parties, the document system, the needed awareness for all staff and communication.