EN
HR
In mid-December, Valamar certified its information security management system according to the international standard ISO 27001, one of the key global frameworks for information protection and security risk management. The certification was carried out by the independent accredited company Quality Austria Adriatic doo, after a detailed review of the technical and organizational security controls applied by the company in its operations.
"I am proud to present this certificate on behalf of Quality Austria Adriatic doo as confirmation of excellence, commitment and a responsible approach to information security management in a leading tourism company", said the executive director of Quality Austria Adriatic doo Andrea Ivezic.
ISO 27001 is an internationally recognized standard that defines the requirements for the establishment, implementation, maintenance and continuous improvement of an information security management system. In the context of the tourism sector, which increasingly relies on digital systems, personal data processing and integrated information platforms, this standard gains additional strategic weight.
"Acquiring the ISO 27001 certificate is another confirmation of our strategic focus on information protection and strengthening the trust of our guests. By modernizing technological processes and continuously educating our employees, we are building a reliable, secure and responsible business.", he said Vlastimir Ivancic, Head of Development Projects at Valamar.
Management of risks and security processes
The certification process covered a number of areas, including information infrastructure management, access control, security risk assessment and management, defining data handling procedures, and employee training on security practices. Special emphasis was placed on organizational measures and clearly defined responsibilities within the system.
For large-scale tourism companies like Valamar, information security does not only apply to IT departments, but to the entire organization. Managing guest, partner and employee data requires a systematic approach that includes technology, processes and people, which is also the underlying logic of the ISO 27001 standard.
ISO 27001 in the context of hospitality and tourism
The digital transformation of tourism, the increasing use of online booking systems, personalized services, CRM platforms and data analytics, increases exposure to security risks. At the same time, the regulatory framework, including GDPR, further emphasizes the responsibility of companies in protecting personal data.
In this context, ISO 27001 certification becomes a corporate governance tool, not just a technical issue. It demonstrates an organization's ability to systematically identify, assess and manage information risks, with clearly defined policies and control mechanisms.
ISO 27001 thus builds on the existing integrated management system that Valamar has been developing for years, which includes standards for quality, the environment, energy efficiency, food safety, carbon footprint management, and the safety of infrastructure and recreational facilities. Valamar holds a number of international certificates, including ISO 9001, ISO 14001, ISO 50001, ISO 45001, HACCP, ISO 14064, EN 14065, EN 1176, EN 1069, and ISO 27001.
"With Valamar's Health and Safety program, we have been implementing and certifying management systems and safety requirements for many years through a strong focus on the highest standards of quality, sustainability and safety in the hospitality industry. Certification according to the ISO 27001 standard is a logical continuation of this commitment, which proves our commitment to the safety of all our stakeholders.", he said Oliver Brajkovic, director of audit and standardization in Valamar.
Wider significance for the sector
The application of international information security standards in tourism is still not widespread, especially outside of large systems. However, the growth of digitalization and increasing dependence on data suggest that such standards will become increasingly relevant for medium and small tourism entities as well.
ISO 27001 certification does not mean the complete elimination of risks, but it represents a structured framework for their management. In this sense, the example of Valamar can be seen as a signal of the direction in which corporate governance in the tourism industry is developing, especially in the segment of data security and user trust.
