Regulatory Framework

Over the last decade, payroll services in Mexico have been transformed by the ever-changing and demanding Mexican legal environment and by globalization, requiring them to become more and more specialized. For this reason we have adopted a global vision in which there is a constant need for innovation and revision of all our processes. This is especially true with regard to information security, so that we can continue to offer excellence, quality and trust to our clients. At Nomitek we are certified in accordance with different regulatory frameworks that guide our processes and help us fulfill the various national and international standards established for service providers.

Our regulatory framework allows us to maintain high standards of quality and personal data security, and also protects against bribery and/or corruption through controls and technology designed for that purpose.

Nomitek holds the following certifications:

SOC 1 Type II Report: ISAE 3402 / SSAE 18
ISO/IEC 27001:2013 Information Security Management
NMX-I-27001-NYCE-2015 Certification: Mexican Standard for Information Security Management.
ISO 37001:2016: Anti-Bribery Management Systems.

ISAE 3402

Since 2011, Nomitek has held SOC 1 Type II reports under ISAE 3402. ISAE, the International Standard on Assurance Engagements, is a norm that aims to grant that reports from organizations that offer Payroll Processing Services. ISAE 3402 provides an internationally accepted framework that serves as a unified and transparent tool regarding internal controls within organizations.

User entities, user auditors and organization auditors may benefit from the ISAE 3402 standard, since it builds a path of trust that guarantees an optimal report.

Learn more: www.isae3402audits.com

SSAE 18

Since the creation of the international standard ISAE 3402 in 2011, each country has a local standard so that all the specific requirements of its legislation are met. In the United States of America, the standard SAS 70 evolved into SSAE 16, and in May 2017 it was updated to SSAE 18 (Statement on Standards for Attestation Engagements 18), based on the international standard.

Having a local standard is meaningful for organizations whose headquarters are American and that are listed on the New York Stock Exchange. In that case, an attestation that applies both standards together (ISAE 3402/SSAE 18) may be required.

At Nomitek we have successfully complied with both SOC 1 Type II attestation reports since 2010, thereby demonstrating the robustness, maturity and effectiveness of our internal control systems.

ISO/IEC 27001:2013 Information Security Management Systems

It is an international standard issued by the International Organization for Standardization as a management tool based on a risk-analysis methodology and systematic risk treatment. ISO/IEC 27001:2013 implements policies, procedures, and physical and technical controls established to protect the availability, confidentiality and integrity of our clients' information.

Information security management is not only focused on cybersecurity or IT security (firewalls, anti-virus, etc.), but also covers process management, human resources, and legal and physical protection, etc.

This certification allows us to comply with all international regulations regarding confidentiality and information security; it is therefore closely related to personal data protection, since it establishes the methodology for managing it within the organization (ISO 27001:2013).

The main benefits of working with a vendor that holds such certifications are:

1. Legal compliance
2. Innovation
3. Trust and certainty

ISO 37001:2016 – Anti-Bribery Management Systems

ISO 37001:2016 is a standard that aims to develop a management system that detects, mitigates and eliminates possible acts of bribery and promotes an anti-bribery culture throughout the organization.

Nomitek is one of the first companies in Mexico to hold this certification, which makes us forerunners in the fight against corruption.

In summary, the ISO 37001:2016 certification aims to provide a framework that preserves an organization's integrity, legal compliance, and regulatory and voluntary commitments, helps to fight the risks associated with corruption, and promotes a corporate culture of integrity.

Global Compact

The United Nations Global Compact was launched in 2000 and is based on the commitment of the CEOs of participating organizations to implement universal sustainability principles and to take action to make the Sustainable Development Goals a reality.

This initiative was created so that companies align their strategies and operations with the Global Goals regarding human rights, labor, environment and bribery. It is pivotal that every organization submit a COP (Communication on Progress) report showing how its strategies are aligned with the Global Goals.

Nomitek has been an active member of this important network since 2009, and we can also help you become part of this United Nations initiative and create your report through our Corporate Social Responsibility Consultancy.