INFORMATION SECURITY POLICY
Purpose of Information Security Policy
At MELP we take information security seriously. Accordingly, we seek to meet all the requirements of ISO/IEC 27001, an international standard for information security management systems. To that end, we commit to MELP clients, partners, shareholders, and employees to achieve all of our security goals.
Security goals at MELP
MELP commits to safeguard the confidentiality, integrity, and availability of all physical and electronic information assets of the company to ensure that regulatory, operational, and contractual requirements are fulfilled. The overall goals for information security at MELP are the following:
- To ensure compliance with current laws, regulations, and guidelines.
- To ensure compliance with the requirements for confidentiality, integrity, and availability for MELP clients, partners, shareholders, employees, and other users.
- To establish controls for protecting MELP information and information systems against theft, abuse and other forms of harm and loss.
- To seek to motivate employees to take responsibility for, and maintain knowledge about, information security, in order to minimize the risk of security incidents.
- To ensure periodic employee training to raise awareness of information security.
- To ensure that MELP is capable of continuing its services even if major security incidents occur.
- To ensure the protection of personal data (privacy).
- To meet all the requirements of ISO/IEC 27001.
- To ensure that external service providers comply with MELP information security needs and requirements.
- To ensure that Sub-processors of MELP comply with MELP information security needs and requirements.
- To ensure effective risk management and the use of appropriate risk management measures to manage the risk to an acceptable level.
- To ensure safe access control to the MELP system.
- To ensure the integrity and readiness of the MELP system.
- To ensure smooth client service in compliance with all security requirements.
- To ensure accurate and secure operation of information processing tools.
- To ensure that security is an integral part of information systems.
- To ensure continuous improvement of the information security management system.
We believe that it all starts with us. Therefore, at MELP we take responsibility for ensuring the following actions by all company employees:
The CEO is the designated owner of the Information Security Policy and is responsible for the maintenance and review of the Information Security Policy, processes and procedures. Top Management of MELP are also responsible for:
- setting general information security management objectives.
- identifying objectives and measures for improving information security by including them in strategic and operational plans.
- ensuring the supply of the necessary resources.
- ensuring that employees are able to improve their knowledge in the information security field.
- ensuring an ongoing internal audit process which will review the adequacy of the controls that are implemented to protect the organization’s information and recommend improvements where deficiencies are found.
- ensuring that MELP will work towards implementing the ISO27000 standards, the International Standards for Information Security.
Heads of Departments are responsible for ensuring that all employees, partners and contractual third parties of MELP are made aware of and comply with the Information Security Policy, processes and procedures. Also:
- Regulatory, legislative and contractual requirements will be incorporated into the Information Security Policy, processes and procedures.
- The requirements of the Information Security Policy, processes, and procedures will be incorporated into the organization’s operational procedures and contractual arrangements.
- Reported security incidents will be reviewed and monitored.
All employees, partners and contractual third parties of MELP accessing the organization’s information are required to adhere to the Information Security Policy, processes and procedures.
The information security policy shall be reviewed periodically, at least once a year, and revised as necessary.
CEO Vidmantas Siugždinis