Commitment to Efficiency, Quality and Security
We take data security, privacy, and quality very seriously at The Marcura Group. Our systems and processes incorporate security-&-privacy-by-design from inception. At an executive level, it is our highest priority to safeguard the integrity, confidentiality, and privacy of our partners, agents, and customer information and transactions.
Our dedicated teams work diligently to maintain reliable systems and processes that reduce our customers’ exposure to legal, financial, transactional, regulatory, and operational risks.
This commitment is supported by the Group Information Security & Compliance Department, operating under the oversight of the Board of Directors to ensure effective governance and accountability.
Data and information security
In terms of data backup, Marcura Group follows the best practice of the 3-2-1 backup strategy rule:
• Have at least three copies of your data.
• Store the copies on two different media.
• Keep one backup copy off-site.
All our backups are encrypted, and passwords are securely stored. Backup Immutability protects data from modification or deletion. This is the best available option to protect from ransomware or malware attacks.
The Marcura Group also has a Business Continuity and Disaster Recovery (BCDR) plan to ensure continuity of operations in the event of an extended disruption of processing ability.
LRQA Audits & ISO Standards
Marcura currently holds the following ISO certifications:
ISO 9001 Quality Management System (QMS): certified since 2004 by Lloyd’s Register and audited biannually
ISO/IEC 27001 Information Security Management System (ISMS): certified since 2018 by Lloyd’s Register and audited biannually
ISO 14001 Environment Management System (EMS): certified in 2021 by Lloyd’s Register and audited biannually
ISO 45001 Occupational Health and Safety Management System (OHSMS): certified in 2021 by Lloyd’s Register and audited biannually
Every six months the Group undergoes external audits conducted by Lloyd’s Register. Additionally, we conduct internal audits throughout the year, performed by the audit team, to ensure compliance with ISO standards and drive continuous process improvements.
In 2024, the Group Information Security & Compliance Department audited 51 Dept and 77 processes.
Deloitte Audits & SOC2 (ISAE3402 Type II Reporting)
In keeping with the requirements of Section 404 of the Sarbanes-Oxley Act, DA-Desk is audited annually by Deloitte, the global accounting firm, which issues an ISAE No. 3402 Type II letter and report to signify that general controls are suitably designed and operating effectively.
It also includes the following elements:
integrity and ethical values
commitment to competence
management controls
organisational structure
assignment of authority and responsibility
human resources policies and practices.
Privacy & GDPR
With the introduction of the General Data Protection Regulation (GDPR) in May 2018, Marcura has taken steps and initiated various measures to comply with its obligation, including but not limited to:
appointing a Data Protection Officer
creating a GDPR task force
voluntarily registering with the UK’s Information Commissioner’s Office
completing data protection impact assessment audit.
