We strive for the services we provide to be at a highest level. Management of IT processes in the area of ​​Comarch ICT is based on the best practices of ITIL v3. It is the most widely accepted concept in the world of IT service management. ITIL is a set of best management practices. The collection contains tips, suggestions, and practices that guide to the most effective and efficient rendition of services. In Comarch the following processes are covered by these activities: change management, incident management, problem management, configuration management.

Integrated Management System (IMS)

Integrated Management System

Comarch ICT activity is covered by the Integrated Management System (IMS) which is implemented and maintained throughout the company. It meets the requirements of the following standards:

  • PN-EN ISO 9001:2015-10 Quality Management Systems
  • PN-EN ISO 14001:2015-09 Environmental Management Systems
  • PN-N-18001:2004 Occupational Safety and Health Management Systems
  • PN-ISO/IEC 27001:2014-12 Information Security Management Systems
  • PN-EN ISO 50001:2012 Energy Management Systems

Confirmation of compliance with certain standards is the certificate of the Integrated Management System, issued by the Polish Center for Testing and Certification, which cooperates with Comarch in terms of surveillance and certification audits. More information about implemented standards  is available here.

Internal Compliance Program

Export Control System (WSK)

Comarch’s activities in IT infrastructure are related to the commercial provision of technologically advanced IT products. Comarch SA was one of the first companies in Poland to obtain an Export Control System certificate for the trade of dual-use goods in accordance with the Act of 29.11.2000 on foreign trade in goods, technologies and services of strategic importance for national security and for the maintenance on international peace and security. Comarch SA obtained a certificate which confirms conformance with Art. 11 (2) of this Act in the following scope of activities: export, import, intra-Community transfer, technical support, brokering services of goods, technologies and services of strategic importance. The certificate was issued by the Polish Center for Testing and Certification and is available here.

ISAE 3402 type I and II

ISAE 3402 type I and II

At the beginning of 2012, we launched the "ISAE 3402 TrustedProjects " program. It  is dedicated to customers who require services of the highest quality. Customers participating in the program receive a guarantee of annual audits of projects designed to meet the requirements of ISAE 3402 (formerly SAS70). The attained certificate has been developed based on the relevant standards governing the assessment of the internal control environment of organizations that provide outsourcing services. On its basis an independent study is conducted and the auditor's opinion presented, which entitles the audited party  to receive the Type I certificate (assessment of the adequacy of the internal control environment of the project or Type II ( assessment of the adequacy and tests of the effectiveness of the internal control environment). The entity authorized to carry out the audit is a consulting firm KPMG.

Prince 2

Prince 2

Concerned about the quality of services, we manage projects according to the PRINCE2 method (Project In Controlled Environment). It is an approach to management based on processes that can be easily adapted to the individual needs of our customers. PRINCE2 is a project management methodology, regardless of the project’s size or type. The main advantage is the flexibility and adaptability to the team and to the various levels of complexity of the project.

Prince 2


PCI DSS certification (Payment Card Industry Data Security Standard), owned by Comarch means that the data transaction used in cards payment, such as data cards and PIN numbers, are encrypted, transmitted and stored in compliance with strict procedures and the best security standards. The major purpose of PCI DSS certification is to prevent sensitive data leaks, as well as minimizing the risk of hacking into systems and crimes related to this. Supervise the implementation of the PCI DSS holds a non-governmental organization PCI SSC (Payment Card Industry Security Standards Council). Its task is to define the PCI DSS standards, certification of companies and auditors that are responsible for the audit of compliance and unification of verification process.

Encountering Digital Challenges?

Clear Your Path with Our Free No-Risk Consultation.

    Related materials

    Future of Data Centers
    Building the Public Cloud: The Future of Data Centers

    Learn how to build an effective, comprehensive public cloud strategy, optimize cloud costs, and maximize uptime.  

    Download the White Paper

    Comarch Data Center
    Comarch Opens a New Data Center in the Phoenix Metro Area

    Comarch, a global leader in IT solutions, announced the opening of its new 32,000-square-foot data center in Phoenix, Arizona.

    Read news

    Data Center Dominance - Comarch Featured in Forbes

    A New Facility In Mesa, Arizona, Helps Enterprises Reach Their Performance Pinnacle.

    Read the full article

    Data Center Video
    Data Center Video

    Let Us Manage Your IT Infrastructure so You Can Focus on Running Your Business Worry-free

    Watch the video

    The Business Potential of Cloud Migration
    The Business Potential of Cloud Migration

    Curious about the state of Cloud Migration? This white paper reveals surprising trends. Delve into this collaborative study, presenting insights from decision-makers from Germany, Austria, and Switzerland.

    Download the White Paper

    Success Stories

    How Can We Help? 💬

    Want to reduce the cost of your IT infrastructure? Need improved data security? Let’s chat.

    Schedule a discovery call