INFORMATION SECURITY POLICY
MELP – HR Tech with a focus on developing Employee Benefits software as a service (Saas). Internet platform serving as a tool to manage and communicate employee benefits. A self-service mobile application enables people to decide what benefits they want to get for their work.
We want MELP to be a digital eco‐system that brings together employees, employers, and service providers to enhance employee engagement and the human-oriented organizational identity.
MELP provides a simple and affordable digital tool to secure that every single penny spent on employee benefits is a penny towards the increased employee engagement, loyalty, and retention.
MELP implement information security management to prevent incidents that could damage the reputation of the organization and undertake to:
- Ensure the protection of the organization’s information and information technology;
- Ensure information security is in line with operational requirements and relevant laws and regulations;
- Manage information security in the organization;
- Achieve and maintain the protection of the organization’s assets;
- Avoid unauthorized physical access, loss, and disruption to the organization’s operations and information;
- Ensure that information security incident management is consistent and effective;
- Avoid loss, damage, theft, or defect of property and business interruptions;
- Ensure accurate and secure operation of information processing tools;
- Maintain the integrity and readiness of information and information processing tools;
- Prevent unauthorized access to information stored in information systems;
- Ensure that security is an integral part of information systems;
- Supervise the information security system ensuring compliance with the requirements of ISO/IEC 27001:2013;
- Carry out periodic risk assessments to identify the need for further action;
- Periodically change passwords for existing information systems in the organization;
- Strive for continuous improvement of information security management.
Top management ensures that the information security policy:
- is applicable to the purpose of the organization;
- includes a commitment to comply with the established information security goals structure and defined general direction and principles of activity;
- includes a commitment to comply with legal and other requirements;
- is coordinated with the strategic risk management context of the organization, including the development and maintenance of information security system;
- is available to all employees of the organization and external parties;
- all the objectives are reviewed at least once a year.
CEO Juozas Sargūnas