For Mcom, Corporate Governance is all about steering and managing, about responsibility and accountability and about reporting and supervision; focusing on good manners and ground rules. These principles are regarded as broadly supported and generally held opinions about good Corporate Governance.
Highlight, analyse, evaluate and manage
Sound risk management is essential at Mcom if we are to guarantee and optimise the quality and continuity of our service delivery. To that end, we identify and quantify potential risks and define management measures to reduce the chance of a risk materialising or to limit its consequences.
Compliance with laws and regulations
At Mcom, Compliance is about adhering to laws and regulations, as well as to standards and rules. We perform our tasks in line with:
- ISO 9001:2008. This standard includes requirements for a quality management system with specific attention to customer satisfaction. ISO 9001 is used to assess whether the organisation is in a position to meet the requirements of customers, of laws and regulations, and of its own organisation.
- ISO 27001:2005. This standard specifies the requirements for establishing, implementing, executing, safeguarding, evaluating, maintaining and improving a documented Information Security Management System (ISMS) within the context of the general business risks for the organisation. The ISMS was designed with appropriate and proportional security measures in mind, which secure the information properly and offer trust.
- TLS Handboek Regels en Procedures 3.0 (HRP). This handbook describes the OV-chipkaart scheme and sets out the rules and procedures for carrying out the scheme roles of Load Agent and Card Distributor.
- ITIL. The Information Technology Infrastructure Library was developed as a frame of reference for setting up the management processes within an ICT organisation. ITIL is not a method or model, but rather a series of best practices.
- Wbp. The Wet bescherming persoonsgegevens (Dutch Personal Data Protection Act) governs how organisations need to deal with personal data.