Contact

POLITICA PRIVIND SISTEMUL DE MANAGEMENT AL CALITATII (SMC) SI SISTEMUL DE MANAGEMENT AL SECURITATII INFORMATIEI (SMSI), PRECUM SI ANGAJAMENTUL MANAGEMENTULUI CIT ONE PRIVIND IMPLEMENTAREA, MENTINEREA SI IMBUNATATIREA SISTEMULUI DE MANAGEMENT AL CALITATII SI SISTEMULUI DE MANAGEMENT AL SECURITATII INFORMATIEI

1.1. Policy on Quality Management and Information Security Management

CIT ONE management has decided to implement and certify the Integrated Quality Management System as well as the Information Security Management System, in accordance with the requirements of ISO 9001 and ISO/IEC 27001 standards.

By maintaining and continually improving these systems, CIT ONE aims to fully and consistently meet the requirements and expectations of its clients, as well as those of all stakeholders, thereby preserving and strengthening the trust placed in the Company. The Company’s management and employees are aware that the client is at the center of CIT ONE’s activity, and that clients assess us based on the quality of the services we provide.

Through the implementation of the requirements of the Integrated Management System, the interests of stakeholders, the personal data processed, the information of interested parties, and the Company’s informational assets are protected against all threats, whether internal or external, deliberate or accidental.

CIT ONE, through its management, is committed to ensuring:

  • Increased client satisfaction through the continuous improvement of the quality of services provided;
  • Protection of personal data, stakeholder information, and the informational assets of the Company and its partners against all threats;
  • Ensuring the confidentiality, integrity, and availability of personal data and information;
  • Sustainable use of resources and environmental protection;
  • Reduction of waste generated by the Company’s activities;
  • Prevention of accidents, occupational illnesses, and stress;
  • Maintenance and improvement of occupational health and safety performance;
  • Establishment of an internal system for monitoring operational risks (risks of accidents and occupational illnesses, information security risks, risks affecting the quality system, etc.);
  • Implementation of monitoring, measurement, and analysis actions for services in order to improve their effectiveness and efficiency;
  • Awareness, training, and motivation of employees to create an organizational culture focused on quality, personal data and information security, environment, and occupational health and safety;
  • Execution of processes in compliance with applicable regulations on quality, personal data and information security, environment, occupational health and safety, and social responsibility;
  • Implementation of a business continuity strategy and mechanisms for monitoring critical situations;
  • Maintenance of a coherent set of ethical norms and principles to which management decisions and employee actions must adhere.

The QMS-ISMS Officers act as management representatives for the design, implementation, maintenance, and continual improvement of the Company’s Integrated Management System, with the authority and responsibility to ensure the proper implementation, maintenance, and improvement of the QMS-ISMS.

Department managers shall take all necessary measures to ensure that this policy is understood, implemented, and maintained within the functional entities they manage.

Each employee has the obligation to be aware of the requirements of the Quality Management System and the Information Security Management System, the objectives related to quality, personal data security, and information security, and to continuously improve their activity.

The Integrated Management System covers all Company activities and provides CIT ONE management with control over the quality of services provided. The Integrated Management System shall be used, continually improved, and extended in order to maintain control over nonconformities, incidents, and the continual improvement of processes and services.

Scope of certification for the management system includes:

Cash-in-Transit Services

  • Transport for bank units/branches;
  • Transport for corporate clients;
  • Transport for ATMs with cash-in functionality only;
  • Transport for ATMs with cash-out functionality OR with both cash-in and cash-out functionality;
  • Transport between CIT ONE regions;
  • Document transport.

Cash Processing

  • Banknote and coin processing;
  • Banknote processing for ATMs (cassette loading and unloading/bag unloading);
  • Fund counting (delivery of cash with a fixed structure specified by the client).

ATM Services

  • FLM (First Line Maintenance) technical interventions;
  • SLM (Second Line Maintenance) technical interventions (including SLM support);
  • Scheduled maintenance (including maintenance support).

These activities are carried out at CIT ONE processing centers and at client premises.

1.2. CIT ONE Management Commitment to the Implementation and Improvement of the Quality Management System and the Information Security Management System

CIT ONE management considers that the Company’s positive results, as well as the achievement of its objectives, can be attained through the involvement of all employees and will ensure the provision of the resources and means necessary for the delivery of services in a stimulating environment, based on both horizontal and vertical collaboration within the Company, as well as with relevant stakeholders.

The Integrated Management System, under the authority of Company Management, covers all functional entities within CIT ONE and is applied, improved, and extended across the entire organization to ensure the efficiency and effectiveness of activities.

CIT ONE S.A. Management expresses its firm commitment to:

  • fulfilling requirements related to quality, personal data and information security, environment, occupational health and safety, and social responsibility, through the involvement of all employees;
  • fully complying with and applying the provisions of the Integrated Management System, mandatory for all Company personnel;
  • ensuring the resources necessary for establishing, implementing, maintaining, and continually improving the management system;
  • ensuring global control of operational risks and maintaining an acceptable level of exposure to risk at minimum cost;
  • upholding a set of ethical norms and principles to which all personnel actions must adhere;
  • continually improving the Integrated Management System.

CIT ONE management, together with the QMS-ISMS Officers, is directly involved in ensuring the functioning of the Integrated Management System within the Company.

The responsibility for maintaining and continually improving the QMS-ISMS lies entirely with the Chief Executive Officer and the department heads.

The Quality and Information Security Policy will be periodically updated to ensure continuous adaptation to the Company’s needs and will be made available to employees, clients, and stakeholders.

To achieve the Company’s objectives, applicable operational risks have been identified (including threats, vulnerabilities, impacts, and likelihood of occurrence). To mitigate these risks, technical security measures have been applied at the physical, human resources, and IT levels (hardware configuration and deployment, software applications, etc.).

The effectiveness of the implementation of security measures related to the Company’s objectives and existing risks concerning the QMS-ISMS is measured through internal audits and operational controls.

Company management provides evidence of its commitment to planning, establishing, implementing, operating, monitoring, analyzing, maintaining, and continually improving the QMS-ISMS by:

a) establishing and communicating the scope of the QMS-ISMS, its policy, and objectives;

b) ensuring that service management plans and measures are created, implemented, and maintained in order to guarantee compliance of services in terms of quality and information security, and to prevent nonconformities and incidents;

c) improving communication regarding legal and regulatory requirements and contractual obligations;

d) ensuring the provision of necessary resources;

e) protecting personal data and stakeholder information;

f) conducting management reviews at planned intervals;

g) ensuring that process- and service-related risks are evaluated and managed.

CIT ONE management undertakes the commitment to implement, maintain, and continually improve the Integrated Quality and Information Security Management System in accordance with applicable standards and regulatory requirements.

CIT ONE management is constantly attentive and allocates resources to analyzing how climate phenomena may influence the functioning, effectiveness, and resilience of the quality and information security management systems, and will implement measures to reduce their impact on the quality of services and the security of information.

The CIT ONE Quality and Information Security Policy must be known, understood, and applied by all employees of the Company. This document is public and available to all interested parties.

Chief Executive Officer,
Răzvan Marian GHELMECI

Date: 24.03.2025



E020.05.2025- QMS-ISMS Manual

Articole relevante

Extras din Politica Anticoruptie CIT One

Citește acum

Extras din Procedura privind prevenirea si combaterea hartuirii

Citește acum

Politica de confidentialitate website

Citește acum

Termeni si Conditii

Citește acum