JCC INTERNAL CONTROLS
Enterprise Risk Management (ERM)
At a glance
The ERM Team is responsible for coordinating and articulating the instruments we use to implement our risk policies. They also regularly re-evaluate the maturity of risk assessments, train risk delegates, monitor escalated risks and prepare risk management reports for the Risk Committees (Board and Internal) and for the Board of Directors. ERM reports directly to the Board of Directors through the Board Risk Committee.
Responsibilities
Our responsibilities include:
- Determining JCC’s overall risk appetite
- Ensuring that all material risks are identified, measured and properly reported
- Informing our partners about JCC's risk exposure
- Submitting an annual review of the general business risks that may weaken JCC's going-concern status
- Communicating with management about JCC's major risks, evaluating the measures taken by management to minimise those risks, and making recommendations accordingly
- Reviewing management’s proposals on risk strategy across all risk areas (credit, compliance and regulatory, information security, operational, etc.), and advising the Board Risk Committee accordingly
- Overseeing that all new projects, products, functions, systems, procedures, outsourcing arrangements, venture relationships, etc., are evaluated appropriately and that the necessary risk mitigation instruments are put in place prior to implementation
Information Security
At a glance
The Information Security Control Team is responsible for setting up and implementing our information security program. They support and advise JCC on all security-related issues. The overall purpose of the Information Security Control Team is to protect the confidentiality, integrity and availability of JCC's information assets. The Information Security Control Team reports to the Board of Directors through the Board Risk Committee.
Responsibilities
Other responsibilities include:
- Developing and implementing JCC's information security programme
- Creating the company's information security policies and procedures and disseminating them across the company
- Ensuring that those policies are kept up-to-date and are being implemented
- Reporting significant threats, risks and any non-compliance to senior management
- Establishing and managing the information security training and awareness programme for all JCC employees
Policy
At JCC we are dedicated to serving our customers with high-quality services while prioritizing the confidentiality, integrity, and availability of information. Our commitment to information security is outlined in the following principles:
1. Compliance with Standards:
- JCC and its associated third parties adhere to the Payment Card Industry Data Security Standard (PCI-DSS) when storing, processing, and/or transmitting cardholder data, implementing a system of measures to safeguard data and information systems
- JCC and its associated third parties, including vendors, comply with data protection laws, including the General Data Protection Regulation (GDPR)
- Compliance with eIDAS regulation involves maintaining a secure Public Key Infrastructure (PKI) for the provision of Qualified Trust Services for the issuance of EU Qualified Certificates
2. Binding Policies:
- Information Security Policies and Procedures are binding for all JCC employees and third parties
3. Data Protection:
- Protection against unauthorized access, use, modification, disclosure, destruction, loss, or transfer of data and information systems is a top priority
4. Security Awareness:
- JCC actively promotes security awareness for third parties, visitors, and employees throughout their employment
5. Information Systems Security:
- Information systems are protected in accordance with established Information Security Policies and Procedures
6. Business Continuity and Incident Management:
- A comprehensive Business Continuity Management System is maintained, along with a robust Incident Management Process, ensuring resilience, recovery, and contingency for vital services while preserving the confidentiality, integrity, and availability of information
7. Risk Management:
- Critical Information Assets, including electronic data, hardcopy, software, and hardware, are documented and classified. An annual Risk Assessment is conducted to identify potential threats and vulnerabilities, safeguarding the assets' Confidentiality, Integrity, and Availability
8. External Partnerships:
- Risks associated with sharing information and obtaining services from external parties are addressed through Non-Disclosure Agreements, Data Protection Agreements and Service Level Agreements, and continuous monitoring
9. Audits and Monitoring:
- We conduct regular security audits, monitor our systems continuously, and perform frequent security testing to identify and address potential vulnerabilities promptly
10. Incident Response:
- In the event of a security incident and/or a data breach, we have established procedures to respond promptly, investigate, and take appropriate actions to mitigate any potential impact
By choosing JCC Payment Systems, you can trust that your information is handled with the utmost care and diligence. If you have any questions or concerns regarding our information security practices, please contact us at customerservice@jcc.com.cy.
Compliance
At a glance
Our Compliance Team makes sure that all laws and regulations (local or EU, internal rules, or any compliance principles outlined in JCC’s Code of Conduct and established good business standards) are upheld. Integrity is an important part of managing compliance risk and the driving force behind JCC’s compliance activities. The Compliance Team is independent from the rest of the company and reports to the Board of Directors through JCC’s Board Risk Committee.
Responsibilities
The Compliance Team is responsible for overseeing compliance in the following areas:
- National and EU legislation
- JCC's approved procedures and policies
- Rules and regulations for card schemes
- JCC’s Code of Conduct and the integrity of its management and staff
- Conflict of interest issues between management, employees, suppliers or clients
- Money laundering and terrorism financing
Internal Audits
At a glance
The Internal Audit Team evaluates how effectively our company is governing itself and dealing with risk. They also oversee internal controls and monitor how well the company is meeting its goals and objectives. The Internal Audit Team reports to the Board of Directors through the Board Audit Committee.
Responsibilities
Other responsibilities include:
- Evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report that information
- Evaluating the systems that ensure compliance with any policies, plans, procedures, laws and regulations that could have a significant impact on our company
- Evaluating how the company can identify and safeguard its assets
- Evaluating how effectively and efficiently the company's resources are being used
- Evaluating operations and programmes to determine whether the company is meeting its objectives and goals as planned
- Monitoring and evaluating how the company governs itself
- Advising the company on issues like governance, risk management and control
- Administrative reporting to the company at least once a quarter on the state of the internal audit
- Functional reporting of significant risk exposures and control issues, including fraud risk, governance, and other matters requested by the Audit Committee