Information Security at TripMemo

TripMemo is in the travel business; our applications connect travellers to guides and other service providers over the internet. It has never been more important to protect the information in our organisation. Cyber-attacks have become more prevalent and sophisticated, supply chains are more complex, and the volume of important information handled by our organisation continues to increase. If we do not keep our information secure, we risk financial penalties and fines. We simply cannot afford to be without a system that protects the information in our business. ISO/IEC 27001 helps us manage information so that it remains safe and secure, helping us build a responsive and resilient business.

TripMemo has adopted ISO/IEC 27001:2013 as our framework for information security.

The internationally recognised ISO/IEC 27001 is an excellent framework that helps organisations manage and protect their information assets so that they remain safe and secure. ISO/IEC 27001 helps us protect our reputation, save money, achieve compliance, and reduce risk. By embracing the standard and putting effective processes in place, we send a clear signal to our customers, subscribers and other stakeholders about how seriously we take information security. Here is how ISO/IEC 27001 helps our organisation.

We bring information security into the heart of our business

It raises the importance of information security in our organisation and ensures it supports our business strategy and objectives. It is really a business management tool that helps us understand what information we have, where it is, and most importantly, how we protect it. It is the most effective way of managing our information and can save us from costly fines and losses.

Helps us win more business and protects our reputation

ISO/IEC 27001 clearly demonstrates that we take information security seriously. It helps reassure customers and subscribers that we have identified our risks and have best practice in place to control and minimise them. It helps differentiate our organisation, satisfy supply chain requirements, and expand into new markets. It also protects us from the adverse publicity that comes with security breaches.

ISO/IEC 27001 requires commitment and involvement from our leadership team. Top management are responsible for the system's effectiveness and for making sure the whole organisation understands how each of us contributes to the Information Security Management System (ISMS). Recent trends show that people are as likely to cause a data breach as viruses and other types of malicious software. Creating a culture in which the importance of information security is promoted and embraced avoids confusion and provides clarity.

Helps us identify risks and improve

We identify and manage risks relevant to our Information Security Management System and continually evaluate its effectiveness. This is particularly important when technology is constantly changing and new threats can arise without warning. We evaluate the effectiveness of the controls we put in place to manage risks and make sure they are proportionate to the potential impact on our business. This helps keep our organisation resilient and optimises the performance of our information security.

General Data Protection Regulation (GDPR) Europe

The GDPR is a regulation of the European Union on the protection of the personal data of individuals in the EU. It has applied since May 25, 2018.
The GDPR applies to data controllers and data processors established in the EU. It also applies to controllers and processors established outside the EU that offer goods or services to individuals in the EU. As TripMemo is both a data controller and a data processor established in the EU, we have taken the utmost care to ensure we comply with the GDPR's requirements.
Our approach to GDPR compliance is based on implementing the six principles for processing the personal data of our customers and subscribers that the GDPR prescribes.

Lawful Processing

TripMemo ensures that personal data is processed only lawfully, fairly and in a transparent manner in relation to travellers and subscribers.

Collected for Specific & Legitimate Purpose

We ensure that all personal data is collected for specified, explicit and legitimate purposes and is not further processed in a manner incompatible with those purposes. Any further processing by our subscribers is based on the consent of the data subjects concerned and is therefore not considered incompatible with the initial purposes.

Adequate and Relevant

We ensure personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

Accurate and Kept Up-to-date

TripMemo ensures the integrity of personal data, checks its accuracy and, where necessary, keeps it up to date. We take every reasonable step to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.

Kept No Longer Than Necessary

Personal data is kept in a form that permits identification of travellers for no longer than is necessary for the purposes for which it is processed. Personal data may be stored for longer periods insofar as it will be processed solely for archiving or statistical purposes in accordance with Article 89(1) of the GDPR, subject to TripMemo implementing the appropriate technical and organisational measures required by the GDPR to safeguard the rights and freedoms of the users of the TripMemo applications.

Adequate Protection of Data

Personal data is processed in a manner that ensures its appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures. TripMemo follows ISO/IEC 27001:2013 because it is a very effective means of ensuring the confidentiality and integrity of personal data.

Here is how TripMemo benefits from its compliance with the GDPR:

❖ Builds trust in managing personal information
❖ Facilitates effective business agreements
❖ Supports compliance with privacy regulations
❖ Provides transparency between stakeholders
❖ Clarifies roles and responsibilities
❖ Reduces complexity by integrating with the leading information security standard, ISO/IEC 27001