MELP recognizes the critical importance of safeguarding its information assets. This Information Security Policy outlines our commitment to maintaining a secure environment in line with ISO/IEC 27001:2022, the international standard for information security management. Through this policy, MELP aims to protect the confidentiality, integrity, availability, and resilience of its information assets to meet the needs of our clients, partners, shareholders, employees, and stakeholders.
The following objectives outline MELP’s focus on information security and continuous improvement in alignment with ISO/IEC 27001:2022:
a) Compliance: to ensure MELP adheres to applicable laws, regulations, and guidelines, including ISO/IEC 27001:2022.
b) Confidentiality, Integrity, and Availability: to protect these core principles to support secure and reliable service delivery.
c) Operational Resilience: to maintain resilience to ensure continuity of services in the event of security incidents.
d) Risk Management: to use an established risk management framework to identify and mitigate risks proactively.
e) Security Controls: to implement effective controls to prevent unauthorized access, data theft, and other potential threats.
f) Employee Awareness and Training: to equip employees with knowledge to foster a secure environment.
g) Privacy Protection: to safeguard personal data in compliance with data protection regulations.
h) Suppliers Security: to ensure that MELP sub-processors and other services Suppliers, meet MELP security standards.
i) Access Management: to maintain access controls that secure MELP systems and align with user roles and security requirements.
j)Objectives: Information security objectives are set by management and renewed annually to ensure alignment with organizational goals and compliance requirements.
k) Continuous Improvement: to regularly assess and enhance MELP’s Information Security Management System.
Information security at MELP is a shared responsibility, with clear roles defined for the effective management of information security:
a) The CEO and Top management are responsible for oversight and alignment of information security with MELP’s business objectives.
b) They establish and communicate security objectives and allocate resources to support ongoing information security initiatives.
c) Top Management ensures the development and maintenance of a proactive culture of information security across the organization.
d) Department heads are tasked with ensuring compliance with information security processes within their teams and among relevant third parties.
e) They are responsible for incorporating security requirements into operational and contractual processes.
f) All employees and contracted Suppliers are expected to adhere to MELP’s Information Security Policy and participate in security training.
g) They are encouraged to identify and report any potential security incidents, vulnerabilities, or threats.
MELP supports a proactive security culture by providing regular training and awareness programs:
h) Training sessions are conducted to inform employees about security threats, such as phishing.
i) MELP’s training program is designed to keep all employees informed about the latest security policies and prepared to uphold a secure environment.
MELP expects all MELP sub-processors and other services Suppliers, to comply with our information security standards:
j) Suppliers information security practices are regularly assessed to ensure alignment with MELP’s requirements.
k) MELP fulfills all obligations arising from contracts.
l) MELP complies with applicable legal and regulatory requirements.
MELP is committed to ongoing assessment and improvement of its Information Security Management System:
m) This policy and related security practices are reviewed regularly and updated based on audit findings, incident reports, and performance metrics.
n) MELP integrates current threat intelligence and security trends into its risk management practices to maintain a proactive stance on information security.
This policy will be reviewed periodically, at least once a year, to ensure it continues, to meet the security needs of MELP and our stakeholders.
CEO Vidmantas Šiugždinis