Client data security confirmed by an international standard

As of October 10, 2025, all companies operating within TPA Poland, Baker Tilly TPA, and Baker Tilly Legal Poland have obtained the ISO/IEC 27001:2022 certification. Receiving this highly significant certification – particularly important for advisory and outsourcing firms – was preceded by months of preparation focused on verifying existing procedures, adapting them to the standard’s requirements, and auditing the processes functioning within each company, including information flow and the security of both client and internal data.

Proper data protection is one of the pillars of our business, centered on advisory, outsourcing, and ensuring the correctness of specific processes in which we support our clients. Since the company’s inception, we have made every effort to provide all entities cooperating with us with the highest level of information protection, using modern and secure data exchange technologies based on Microsoft solutions, including Microsoft Sharepoint.

Aware of the responsibility associated with storing and processing data, we decided to implement an information security management system compliant with the international ISO 27001 standard. At the same time, this represents our official commitment to continuously improve existing processes and to enhance our security level as both the organization and protective technologies evolve.

The security of our clients’ data is not only a matter of compliance but, above all, of trust – especially today, when data has become the most valuable currency in business. Our certification confirms that we apply the highest standards of data protection and effectively minimize the risk of unauthorized access. Our processes are not only secure but also continuously improved. We believe that investing in information security is an investment in lasting, trust-based client relationships – an essential element of strong and enduring business partnerships, says Krzysztof Kaczmarek, Managing Partner at TPA Poland.

ISO 27001 is an international standard defining the requirements for an Information Security Management System (ISMS), and obtaining the certification confirms that all procedures and systems in this area have been properly designed, implemented, and are carried out in accordance with the highest standards for protecting confidential data.

To maintain certification continuity, all companies will undergo an annual surveillance audit aimed at continuously verifying compliance of implemented processes with applicable regulations and assessing the effectiveness of ongoing improvements. The certificate will be renewed every three years following a successful audit conducted by independent auditing bodies.