Safety of your data is our priority

At Office Samurai, we take data security seriously and implement robust measures to ensure your information is protected at every step. It’s a fundamental aspect of how we operate – giving you peace of mind, so you can focus on innovation.

Our security policies cover every aspect of data protection: compliance with GDPR, ISO certification, access control, encryption and industry best practices.

Industry-recognized security and compliance

We follow the highest security and compliance standards, aligning with both globally recognized frameworks and EU regulations, and continuously adapting to evolving security landscapes.

GDPR (RODO)

We strictly comply with the General Data Protection Regulation (GDPR), ensuring personal data is processed lawfully and transparently. Our practices emphasize purpose limitation, data minimization and accuracy, including the highest standards of confidentiality.

ISO 9001:2015

We are certified under ISO 9001:2015, the internationally recognized standard for quality management systems. This certification reflects our commitment to consistent quality, continuous improvement, and customer satisfaction across all our processes.

ISO 14001:2015

This certification – the international standard for environmental management systems (EMS) – demonstrates our commitment to sustainable practices, ensuring our operations minimize environmental impact and comply with applicable laws and regulations.

ISO 45001:2024

Certified under ISO 45001:2024, the international standard for occupational health and safety management systems, we provide safe and healthy workplaces by preventing work-related injuries and illnesses, and by proactively improving our OH&S performance.

ISO/IEC 27001:2023

The globally recognized standard for Information Security Management Systems (ISMS). This certification shows our commitment to systematically managing sensitive information, ensuring its confidentiality, integrity, and availability.

Safe and reliable project delivery

We prioritize security at every stage of project delivery:

  • We enforce strict access controls and multi-factor authentication (MFA) to prevent unauthorized access to sensitive systems and project data. Access is granted on a least privilege basis, ensuring only authorized personnel can interact with confidential information.
  • Data classification policies define the appropriate security levels for different types of information: confidential, sensitive, shareable, public, and private.
  • Project data is safeguarded with VPN-protected remote connections. Secure mutual authentication between clients and servers ensures only trusted devices can access the internal network.
  • We are covered by a €1 million business liability insurance policy, ensuring financial protection and risk mitigation for our clients in the unlikely event of security incidents or disruptions.
  • We maintain data backups to ensure business continuity in case of data loss, cyber incidents, or system failures.
  • We strictly follow GDPR principles, ensuring that project data is lawfully processed, minimized, and stored only as long as necessary. Personal data is safeguarded against unauthorized access and accidental loss.

IT Security

To safeguard our internal IT infrastructure, we enforce strict security policies:

  • All systems handling sensitive information require password-based access control, with strict complexity rules and expiration policies. Users must have unique, private credentials to access IT services, and password sharing is strictly forbidden. Each employee must use a password manager application (KeePass).
  • Corporate email accounts are strictly for business use, with anti-spam scanning to prevent unauthorized access or leaks. Outgoing emails containing sensitive data require encryption, and unauthorized forwarding of confidential information is prohibited.
  • Internet access is restricted to business purposes. Personal browsing is allowed within reasonable limits, but access to high-risk or inappropriate websites is strictly forbidden.
  • All workstations, servers, and portable devices must have an approved, centrally managed antivirus with real-time protection and automatic updates.

Security starts with people

Technical security measures are crucial, but educating and training employees is just as important – if not more. Security should be a mindset embedded in everyday work.

  • We conduct security training sessions to keep employees aware of the latest threats, best practices, and company policies. Training ensures that security is a shared responsibility across all employees.
  • New employees receive security instructions as part of onboarding, ensuring that security awareness starts from day one. Understanding policies and best practices is a requirement before accessing company systems.
  • Every employee is obligated to use KeePass, a secure password manager, to safely store and manage credentials. This ensures that strong, unique passwords are used across all systems, reducing the risk of compromised accounts.
  • Employees can quickly report phishing attempts, helping security officers respond immediately and increasing overall awareness. Reported cases are shared internally so everyone stays informed and alert to real-world threats.

Doing business the right way

We are committed to conducting business with integrity, fairness, and transparency. Our policies ensure strict compliance with ethical standards:

  • We fully comply with the UK Modern Slavery Act 2015, ensuring that our business remains free from forced labor and exploitation.
  • We enforce a zero-tolerance approach to bribery and corruption across all operations, ensuring that our employees, contractors, and partners uphold the highest ethical standards.
  • We uphold fairness and transparency in all business decisions by actively preventing conflicts of interest. Employees are required to disclose any personal, financial, or professional relationships that may interfere with their responsibilities.

Frequently Asked Questions

Let us try to resolve your doubts – explore this section with common inquiries on service delivery.

We follow GDPR-compliant measures like encryption, access control, and audits to keep data secure and limit access to authorized personnel.

Emails are monitored for spam/malware and restricted to business use. Phishing attempts must be reported.

All accounts require strong passwords, use of a password manager, regular changes, and MFA. Password sharing is strictly forbidden.

Access is granted under the principle of ‘least privilege’ using role-based permissions.

Don’t let questions hold up your next project

Ask a question or just say hello – we’ll get back to you within a day. It’s quick, it’s free, and it might save you a lot of trouble. During a short call (online/phone), we’ll discuss how we can help solve your challenges. We’ll guide you to the best of our knowledge, even if it means we can’t offer you our services.