INFORMATION SECURITY POLICY
Introduction
We are MELP – HRtech with a focus on developing Employee Benefits software as a service (Saas). Internet platform serving as a tool to manage and communicate about employee benefits. Self-service mobile application enabling people to make their own decisions about what benefits they want to get for their work.
We want to be a digital eco‐system bringing together employees, employers and service providers to enhance employees’ engagement and the human-oriented organizational identity.
We provide a simple and affordable digital tool to secure that every single penny spent on employee benefits is a penny towards increased employee engagement, loyalty and retention.
Purpose of Information Security Policy
At MELP we take information security seriously. Accordingly, we seek to meet all the requirements declared by ISO/IEC 27001, which is an international standard for information security management system. In that case we commit to MELP clients, partners, shareholders, employees to ensure all Security goals.
Security goals at MELP
MELP commits to safeguard the confidentiality, integrity, and availability of all physical and electronic information assets of the company to ensure that regulatory, operational, and contractual requirements are fulfilled. The overall goals for information security at MELP are the following:
- To ensure compliance with current laws, regulations, and guidelines.
- To ensure to comply with requirements for confidentiality, integrity, and availability for MELP clients, partners, shareholders, employees, and other users.
- To establish controls for protecting MELP information and information systems against theft, abuse and other forms of harm and loss.
- To seek to motivate employees to maintain the responsibility for ownership of and knowledge about information security, in order to minimize the risk of security incidents.
- To ensure periodical employee training to raise awareness of information security.
- To ensure that MELP is capable of continuing their services even if major security incidents occur.
- To ensure the protection of personal data (privacy).
- To ensure meet all the requirements declared by ISO/IEC 27001.
- To ensure that external service providers comply with MELP information security needs and requirements.
- To ensure that Sub-processors of MELP comply with MELP information security needs and requirements.
- To ensure effective risk management and the use of appropriate risk management measures to manage the risk to an acceptable level.
- To ensure safe access control to the MELP system.
- To ensure the integrity and readiness of the MELP system.
- To ensure a smooth client service in compliance with all security requirements.
- To ensure accurate and secure operation of information processing tools.
- To ensure that security is an integral part of information systems.
- To ensure continuous improvement of the information security management system.
Security goals implementation
The implementation of the MELP information security management system is managed consistently. As far, welcome to meet the following measures of information security at MELP:
Privacy:
MELP privacy policy is written to be a concise, intelligible, and easily accessible user guide. You can familiarise yourself with how MELP processes your personal data at Privacy Policy and Privacy Policy Mobile.
As MELP takes user privacy very seriously and fully complies with all privacy requirements in the GDPR agreement, welcome to meet GDPR Compliant.
Happy client is one of our main goals. For that we had created an easy complaints procedure. Welcome to meet the MELP Complaints procedure.
Storage:
Our server infrastructure is hosted within multiple Amazon Web Services (AWS) data centers in the Dublin region, Ireland. You may find more information about AWS data centers here.
Professional indemnity and Cyber Risks insurance:
Our Professional Indemnity and Cyber Risks are insured for the amount of 1 million EUR by the worldwide leading specialist insurance market Lloyd’s, more information Cyber Risks insurance.
For more information about security at MELP, please visit our Security webpage.
Responsibility
We believe that it all starts with us, therefore, at MELP we take responsibility to ensure the following actions of all company employees:
The CEO is the designated owner of the Information Security Policy and is responsible for the maintenance and review of the Information Security Policy, processes and procedures. Top Management of MELP are also responsible for:
- to set general information security management objectives.
- identify objectives and measures for improving information security by including them in strategic and operational plans.
- to ensure the supply of the necessary resources.
- to ensure the process of enabling employees to improve their knowledge in the information security field.
- to ensure an ongoing internal audit process which will review the adequacy of the controls that are implemented to protect the organization’s information and recommend improvements where deficiencies are found.
- to ensure that MELP will work towards implementing the ISO27000 standards, the International Standards for Information Security.
Heads of Departments are responsible for ensuring that all employees, partners and contractual third parties of MELP are made aware of and comply with the Information Security Policy, processes and procedures. Also:
- Regulatory, legislative and contractual requirements will be incorporated into the Information Security Policy, processes and procedures.
- The requirements of the Information Security Policy, processes, and procedures will be incorporated into the organization’s operational procedures and contractual arrangements.
- Review and monitor reported security incidents.
All employees, partners and contractual third parties of MELP accessing the organization’s information are required to adhere to the Information Security Policy, processes and procedures.
The information security policy shall be reviewed periodically, at least once a year, and revised as necessary.
CEO Vidmantas Siugždinis