The General Data Protection Regulation (GDPR) is an EU privacy law that came into effect on May 25, 2018. It increased restrictions on what organisations can do with your data and extended your rights to access and control how your personal data is used.
MELP hosts data in one of the most reliable and secure cloud services worldwide – Amazon Web Services (AWS). Amazon’s data centers maintain the highest security requirements and have several layers of physical and operational security. AWS is designed to satisfy the data security requirements of privacy-sensitive organizations.
As an additional security layer to reduce exposure to fraud, data loss, and identity loss, MELP uses 2-factor authentication (2FA), provided by Amazon Cognito. Amazon Cognito complies with the HIPAA, PCI DSS, SOC, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001 standards.
Professional indemnity and Cyber Risks insurance at Lloyd’s
Our Professional Indemnity and Cyber Risks are insured for the amount of 1 million EUR by Lloyd’s, the world's leading specialist insurance market, which has financial strength ratings of A+ (Strong) by Standard & Poor's, AA- (Very Strong) by Fitch Ratings and A (Excellent) by A.M. Best.
AWS resources are configured according to the CIS AWS Foundations Benchmark.
We have designed our infrastructure to be highly available and fault-tolerant. To achieve this, we have applied industry best practices such as the AWS Well-Architected Framework.
Our server infrastructure is hosted within multiple Amazon Web Services (AWS) data centers in the Dublin region, Ireland.
Our production environment is fully separated from other environments that we use for development and testing – we use a separate AWS account.
Cross-account and cross-region automated backup policies are in place to keep customer data backed up in multiple AWS accounts and multiple AWS regions within the EU (Ireland and Germany).
The network is isolated from the outside. Administrative access is possible only via an encrypted connection and only for eligible personnel.
Access for engineering personnel and software components is managed according to the principle of least privilege, with tight security groups and IAM policies.
System monitoring and alerting
Proactive monitoring tools are used for regression and threat monitoring (GuardDuty, Security Hub, CloudTrail).
Frequently asked questions