ANNUAL REPORT - Raiffeisen Informatik

VII.1. QUALITY, SECURITY AND EFFECTIVENESSAs a high-security computing centre, Raiffeisen Informatikstrives to provide services to its owners and customersthat feature an ideal balance of quality, security and costs.This is made possible by structured workflows, highqualityand secure services and products. In this context,the established workflows are constantly being revisedto identify new potential for improvement and to learnfrom errors and their causes.The basis of the structured quality and information securitymanagement system at Raiffeisen Informatik is a certifiedmanagement system called “M.a.P.” (= Managementall Processes) based on the ISO Standard 9001:2008Quality Management Systems Requirements and ISO27001:2005 Information Security Management System.This means that the work procedures, processes andtheir documentation are constantly being adjusted to newsituations and proactively and continuously improved.The Comparex group is also certified according to ISOStandard 9001:2008.Security always enjoys the highest priority at RaiffeisenInformatik. For this reason, the company set up anInformation Security Management System (ISMS) certifiedaccording to ISO 27001:2005 since 2004. ISOStandard Norm 27001 is an internationally recognizedsecurity standard. The Information Security ManagementSystem (ISMS) systematically, comprehensively,sustainably and verifiably guarantees a high level ofsecurity.Raiffeisen Informatik has a large number of SAP certificates.For example, the central system developed byRaiffeisen Informatik for the Austrian truck toll system iscertified as “SAP powered by Netweaver”. With thisstatus, SAP confirms that the software used for the trucktoll system meets all functionalities and requirements.Therefore, the Raiffeisen Informatik truck toll system isthe first toll system that features SAP certification.As the first company worldwide, Raiffeisen Informatikwas promoted directly after the SAP Operations CompetenceAssessment to a certified Customer CompetenceCentre (SAP CCC). This certificate, acquired for the firsttime in 2003 and regularly renewed since then, officiallyconfirms that Raiffeisen Informatik has implementedall processes required for SAP operation and support inan exemplary manner. The support strategy and theareas of responsibility within the organization are clearlydefined and assigned. The routine recertification – nowunder the concept “Customer Center of Expertise of SAP”(SAP-CCoE) – highlights the continuous quality ofservice and the high degree of expert competence andskills at Raiffeisen Informatik.Since 2006, Raiffeisen Informatik has been a SAP HostingPartner through the qualification audit, SAP AdaptiveIT Provider, and was awarded the highest quality grade,“Excellent”, for its SAP Hosting Partner status, makingit a member of the exclusive group of certified providersworldwide that enjoy this status. This audit by SAPconfirms that Raiffeisen Informatik meets all requirementsdemanded by SAP of a professional service andsolution hosting partner. The audit pays special attentionto the areas of data centre equipment, security, network,backup and recovery, IT service management processes,SAP applications hosting, project management and SAPadministrator know-how. All of these areas were givena very good assessment at the first audit just like at thesubsequent recertification. The exceptional performanceand work were recognized at the recertification 2012and the company retained its quality status of “Excellent”.Certification confirms that Raifeissen Informatik guaranteesthe highest quality of services to its SAP customers.In 2008, Raiffeisen Informatik was certified for the firsttime as a “SAP-certified Provider of Application ManagementServices” (SAP AMS) for the Austrian market. Thiscertificate is objective proof of the capabilities of the ITservice provider for the Application Management Servicesfor SAP. This highest possible certification of theRaiffeisen Informatik SAP competence centre is evidencethat the company provides highly quality SAP servicesfor all locations such as user support, maintenance andfurther development of SAP applications, training coursesas well as basic SAP operations. The audit confirmedcompliance with international standards such as ITIL,but it also inspected adherence to guidelines in the areaof security and the execution of regular quality securitycycles.Raiffeisen Informatik operates one of the most secure datacentres in Austria. This has also been confirmed by TÜVInformationstechnik GmbH (TÜViT): The specialist forthe certification of data centres awarded the data centre ofAustria’s largest IT provider with the quality seal “TÜVTrusted Site Infrastructure” (TSI). Raiffeisen Informatik isthe first IT service provider with a TÜV-certified data centrein Austria.The TÜV TSI certification verifies that the data centre ofRaiffeisen Informatik is operated in a highly reliable andresponsible manner. The independent audit seal confirmsthat it meets the latest quality standards and that RaiffeisenInformatik customers can rely on a high availability andfailsafe infrastructure when outsourcing their data andservices.The independent TÜV TSI audit seal was awarded mainlybecause it ensures high availability operations, compliancewith the technical and organizational requirements (powersupply, air conditioning, fire protection, maintenance,access controls, etc.) as well as detailed documentationprocesses that guarantee the outstanding quality andsecurity of the data centre.AUDITED ISAE3402 TYPE 2 CONTROLEFFECTIVENESSAs in the past years, in 2012 an audit was conducted atRaiffeisen Informatik of the concept, the setup and operationalefficiency of the service-related internal controlsystems. The results of this audit are included in the finalaudits of customers that have outsourced key parts oftheir IT operations to Raiffeisen Informatik. In the pastyear, this audit was done for the first time according tothe international auditing standards for outsourcing, ISAE3402 Type 2. The execution of the audit was commissionedto PwC Wirtschaftsprüfung GmbH (PwC) andMulticont Revisions- und Treuhand Gesellschaft m.b.H.(Multicont).The audited service-related internal control system ofRaiffeisen Informatik comprises applications-independentcontrolling of IT operations, outsourcing, security servicesand client management, controls for selected technicalplatforms and application-specific operating checks fordefined applications insofar as these are not covered bythe application-independent controls.The report includes a description of the internal controlsystem, a letter from the management board, and adescription of the control activities and targets of relevancefor the audit.The application-independent audits cover the followingthemes:■ Implementation and commissioning of newIT infrastructure■ Management and installation of changes■ Management of services, data and operations ofdifferent types■ Physical infrastructure and management of suppliers■ Business continuity management■ Incident and problem management■ Definition of corporate goals■ Management system and documentation■ Aspects of personnel management■ Management of information security-related risks■ Evaluation and monitoring of IT performance, internalcontrols and complianceFinancial Statements Certifications and Awards Risk Management CSR Group Management Report Group Profile Corporate Bodies / Shareholders Preface84 85